Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks

As news continues to cascade on a recent dependency hijacking software supply chain attack, detections of dependency confusion (a.k.a. namespace confusion) copycat packages are on the rise. These counterfeit packages, presenting the same attack met…

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported. Recall, earlier this year when …

New Language? No Problem. New Ecosystems in Nexus Lifecycle and Nexus Firewall

A few months ago we announced some exciting ecosystem updates to Nexus Lifecycle. Today, I’m happy to expand upon that with the news of even more ecosystem coverage added to Nexus Lifecycle, as well as some new additions to Nexus Firewall.
T…

Nexus Platform – 2019 Year in Review

Wow, is 2019 over? The year has gone by quickly and it’s probably because we have been so busy at Sonatype, continuing to develop new features for the Nexus Platform. Identifying market trends and listening to our customers is what drives th…

Gartner: Mitigate Risk By Hardening the Software Supply Chain

When molten steel is immersed in water it transforms into one of the world’s strongest materials. A resilient software supply chain is no different. Hardened steel requires combining alloys; a hardened software supply chain requires combinin…