JavaScript Scanning Now Supported in JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

The Sonatype Nexus IQ plugin can now evaluate and analyze JavaScript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-ri…

Effective Tools for Software Composition Analysis

Because companies are defined by their customers, we connected with IT Central Station for real user experiences with Sonatype’s Nexus Lifecycle and Nexus Firewall. This is our second post in the series; we first looked at the benefits of data quality to Software …

Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today’s popular cloud-native environments. 
The pos…

Discord squashes critical Electron bugs: open source attacks continue to grow

My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games, and each of them uses Discord to chat with their friends during gameplay. Did my colleague or the millions of other Discord users think t…

Making Developers’ Lives Easier as We Enter the New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, in a two-year-long study with Gene Kim and …

GitLab: instant, inline, indispensable developer insights

Today we’re going to talk about letters, as in the alphabet. 
Did you ever see the Friends episode where Joey can’t afford an entire set of encyclopedias, so he just buys the one with the letter “V” and tries to steer every conversation to V words…

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

It’s no secret that container usage has increased rapidly in the last few years. As reported in our 2020 State of the Software Supply Chain Report, “Pulls of container images topped 8 billion for the month of January. This means annualized image p…

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously unreported. Recall earlier this year, when …

Hitting the Trifecta with GitLab Automated Merge Requests

We’ve been working to integrate component intelligence from Nexus Lifecycle directly into source control management (SCM) systems so that developers can choose the best open source components and build secure applications from the start.
The…