Dear Bintray and JCenter Users – Here’s What You Need to Know About The Central Repository

If you’re freaking out because JFrog announced it’s sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say – don’t worry. We’re here for you and I personall…

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, in a two-year-long study with Gene Kim and …

Octopus Malware Compromises 26 OSS Projects on GitHub

Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, you know what you’ve used, but not the quality of the ingredients themselves. In the realm of…

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

Today, news broke that GitHub and its parent company, Microsoft, acquired npm and its public repository of open source JavaScript packages.
In 2018 when Microsoft acquired GitHub, many in the developer community had a cautious, even emotional respo…

The Dot Zero Conundrum and the New Frontier of Securing Open Source

Over the past two years, I’ve spoken about more than 20 instances of adversaries intentionally publishing malicious components into public open source and container repositories. Adversaries used these attacks to mine cryptocurrency, steal p…

Two Steps to Adopting Cyber Security Best Practices for Manufacturing

The manufacturing environment is changing fast. Digital transformation promises substantial increases in productivity, speed and quality. Securing modern manufacturing is essential to safety and uptime.
Fortunately, guidelines such as the NIST Cyberse…

Removing Search Guard from the Central Repository

We at Sonatype take our responsibility as stewards of the Central Repository (Central) very seriously, and for well over a decade we have been dedicated to the ideal of immutability when it comes to serving components to the community that relies …

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source – bad actors are growing bolder and the veloci…

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

In March, a researcher from Twistlock contacted us about two issues he identified, stemming from user access settings. As with any disclosure, we immediately looked into it.