Skip Navigation
Book a Demo
Book a Demo

Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

The shifting landscape of open source supply chain attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.
Read More...
READ MORE

Going online with the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.
Read More...
READ MORE

Malware Monthly - December 2022

10 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...
Metal chain links tied by a thin string
READ MORE

The no-fix mediums? Not having a high priority doesn’t mean low danger

By Luke Mcbride on October 31, 2022 vulnerabilities

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?
Read More...
READ MORE

This Week in Malware - Over 70 packages discovered

By Aaron Linskens on October 28, 2022 vulnerabilities

2 minute read time

This week, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...
Warning message on a screen, hands thrown up in frustration
READ MORE

This Week in Malware - Nearly 40 packages discovered

By Aaron Linskens on October 21, 2022 vulnerabilities

2 minute read time

This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...
READ MORE

This Week in Malware - Over 50 packages discovered

By Aaron Linskens on October 14, 2022 vulnerabilities

2 minute read time

This week we discovered and analyzed nearly 5 dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...
READ MORE

This Week in Malware - Over 100 packages discovered

By Aaron Linskens on October 07, 2022 vulnerabilities

6 minute read time

This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...
READ MORE

This Week in Malware - 135 packages target npm and PyPI registries

By Aaron Linskens on September 30, 2022 vulnerabilities

3 minute read time

This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.
Read More...