Collaborate Disseminate
The Sonatype Nexus IQ plugin can now evaluate and analyze Javascript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-ri… Continue reading Javascript Scanning Now Supported In Jetbrains IDEs: Intellij IDEA, Webstorm, and More
Because companies are defined by their customers, we connected with IT Central Station for real user experiences with Sonatype’s Nexus Lifecycle and Nexus Firewall. Our second in the series, we first looked at benefits of data quality to Software … Continue reading Effective Tools for Software Composition Analysis
Has anyone ever asked you where all of your applications were located; and your response was “Somewhere in GitHub?” We know that feeling too.
The post Onboarding Nexus Lifecycle Through SCM appeared first on Security Boulevard.
Continue reading Onboarding Nexus Lifecycle Through SCM
Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today’s popular cloud-native environments.
The pos… Continue reading Open Source and Cloud Security Together at Last
My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games and each of them use Discord to chat with their friends during gameplay. Did my colleague or the millions of other Discord users think t… Continue reading Discord squashes critical Electron bugs: open source attacks continue to grow
In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, in a two-year-long study with Gene Kim and … Continue reading Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management
Today we’re going to talk about letters, as in the alphabet.
Did you ever see the Friends episode where Joey can’t afford an entire set of encyclopedias, so he just buys the one with the letter “V” and tries to steer every conversation to V words… Continue reading GitLab: instant, inline, indispensable developer insights
It’s no secret that container usage has increased rapidly in the last few years. As reported in our 2020 State of the Software Supply Chain Report, “Pulls of container images topped 8 billion for the month of January. This means annualized image p… Continue reading Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC
In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported. Recall, earlier this year when … Continue reading CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`
We’ve been working to integrate component intelligence from Nexus Lifecycle directly into source control management (SCM) systems so that developers can choose the best open source components and build secure applications from the start.
The… Continue reading Hitting the Trifecta with GitLab Automated Merge Requests