Sonatype Spots 150+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

Just three days ago on February 9th, Sonatype released our findings on Alex Birsan’s research in which he used the “dependency or namespace confusion” technique to push his malicious proof-of-concept (PoC) code to internal development builds of ov…

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

Today, news broke that a security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.

Dear Bintray and JCenter Users – Here’s What You Need to Know About The Central Repository

If you’re freaking out because JFrog announced it’s sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say – don’t worry. We’re here for you and I personall…

Sonatype and SVA join forces to help companies develop better, more secure software

It’s no secret that we understand the power of community and partnership at Sonatype. It’s why we’re in business – open source components, or reusable, community developed software parts, allow companies to save time and money, improve quality, de…

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

As you may have seen, we at Sonatype have been following the SolarWinds’ software supply chain security breach closely. We’ve simultaneously been reviewing and analyzing our own environments to confirm we are not impacted by this security vulnerab…

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

If you didn’t know what a software supply chain was – let alone a software supply chain attack – you do now. As someone who’s been researching, studying and talking about this attack vector for the past seven years, the malicious attack on SolarWi…

Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today’s popular cloud-native environments.

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in its advanced capa…