Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

By Stephen Magill on December 06, 2021 Open Source
Good software composition analysis (SCA) can reduce open source risk, but poor results slow development. Can prioritization based on reachability help?

How to Protect Yourself Against Trojan Source Unicode Attacks with Nexus Firewall

By Chris Good on December 03, 2021 Nexus Firewall
A new kind of attack, Trojan Source, hides vulnerabilities in plain sight of open source code. Protect your development teams with Nexus Firewall.

New Nexus Lifecycle Enhancements Deliver Faster Remediation Experience

By Chris Good on December 03, 2021 Nexus Lifecycle
Prevent development hazards with new Nexus Lifecycle features to quickly compare versions, avoid vulnerabilities, and evaluate open source licenses.

How DevOps at Scale and Tool Onboarding Relate

By Fred Jonkhart on November 29, 2021 Devops
Supporting developers in their DevOps transformation means more than just access to services. A look at enterprise CI/CD efforts at ABN AMRO.

Another Day of Malware: Malicious ‘botaa3’ PyPI Package Taken Down

By Ax Sharma on November 29, 2021 vulnerabilities
A typosquatting attack aimed at users of the boto3 AWS project, handing control of the system to the attacker.

Tracking the ‘Noblox.js’ npm Malware Campaign

By Juan Aguirre on November 23, 2021 vulnerabilities
Another malicious npm package, noblox.js-rpc, was spotted on the registry; it leverages familiar techniques to steal all sorts of sensitive data.

New Nexus Firewall Release with Developer-First Enhancements

By Chris Good on November 16, 2021 Nexus Firewall
With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware

By Juan Aguirre on November 05, 2021 vulnerabilities
The npm coa and rc packages were hijacked via an account takeover, again highlighting the need to protect your open source software supply chain.

Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise

By Juan Aguirre on October 27, 2021 vulnerabilities
A fake npm Roblox API package discovered by Sonatype is the first known case of ransomware maliciously placed in a typosquatted open source package.