blog.sonatype.comNews and Notes from the Makers of Nexus | Sonatype Blog

Back Platform Platform overview Automate your software supply chain security Sonatype Repository Firewall Block malicious open source at the door Sonatype Nexus Repository Build fast with centralized components Sonatype Lifecycle Control open source risk across your SDLC Sonatype SBOM Manager Simplify SBOM compliance and monitoring Integrations Work in the tools, languages, and packages you already use Solutions Integrated Innovation Align dev, security, and ops teams to fuel secure deployment Developers Deliver quality code fast Application Security Manage vulnerability risks Legal & Compliance Enforce policy at scale By Industry Government Financial Services Manufacturing Technology Healthcare Pricing Resources Resources Featured DevOps Downloads Webinar Series Featured State of the Software Supply Chain Blog Webinars Whitepapers & eBooks Launchpad Customer Stories Free Tools Sonatype Repository OSS Sonatype Vulnerability Scanner Sonatype OSS Index Customer Resources Training & Workshops Documentation Support Partners Become a Partner Join our extensive Sonatype Partner Network Find a Partner Find and connect with a certified Sonatype partner Company About Explore our software supply chain management story Careers Innovate with us—explore opportunities at Sonatype Events Attend in-person or virtual learning events Newsroom Keep up to date on Sonatype in the news Contact Let’s talk software supply chain Book a DemoBook a Demo Book a Demo Featured Article Devs flood npm with 15,000 packages to reward themselves with Tea ’tokens’ By Ax Sharma on April 16, 2024 vulnerabilities The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging Read More SHARE: Filter by: News & Views Product DevSecOps Open Source AppSec Vulnerabilities READ MORE Sonatype Lifecycle best practices: Reference policies, backup and restore By Aaron Linskens on May 07, 2024 backup 5 minute read time Explore how Sonatype Lifecycle offers powerful capabilities to enhance security with effective reference policies and robust backup and restore processes Read More... READ MORE The impact of automating open source dependency management By Jamie Coleman on May 03, 2024 dependencies 5 minute read time Learn about the automation benefits of software dependency management from the experience of developers working in a heavily regulated industry Read More... READ MORE Sonatype Lifecycle best practices: Getting started and managing SBOMs By Aaron Linskens on April 25, 2024 software bill of materials 5 minute read time Sonatype Lifecycle enables you to control known and unknown risks by automating and optimizing the security and management of software supply chains. Read More... READ MORE DevOps pioneers navigate organizational transformation By Aaron Linskens on April 18, 2024 Devops 4 minute read time Read about Sonatype’s DevOps Download webinar with Gene Kim who discusses how DevOps pioneers are catalyzing significant shifts within organizations Read More... READ MORE Devs flood npm with 15,000 packages to reward themselves with Tea ’tokens’ By Ax Sharma on April 16, 2024 vulnerabilities 7 minute read time The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging Read More... READ MORE The essential duo of SCA and SBOM management By Aaron Linskens on April 12, 2024 software bill of materials 5 minute read time Explore software composition analysis (SCA) and software bill of materials (SBOM) management and why both help fortify software projects against threats Read More... READ MORE Automating and maintaining SBOMs By Mahesh Raj Mohan on April 05, 2024 software bill of materials 4 minute read time Explore strategies for automating software bills of materials (SBOMs) management, focusing on the enhancement of operational efficiency and compliance Read More... READ MORE CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma By Ilkka Turunen on April 01, 2024 Software Supply Chain 11 minute read time Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks Read More... READ MORE SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern By Hervé Boutemy on March 29, 2024 vulnerabilities 8 minute read time CycloneDX Maven Plugin helps publish software bills of materials (SBOMs) and vulnerability disclosure reports (VDRs) and benefits open source projects Read More... Next Secure your software supply chain Explore Platform Get Started Platform Overview Firewall Repository Lifecycle SBOM Manager Integrations Pricing Other Products Container Auditor Advanced Legal Pack Lifecycle Foundation Solutions By Role Integrated Innovation Developers Application Security Legal & Compliance By Industry Government Financial Services Manufacturing Technology Healthcare Community Free tools Nexus Repository OSS Sonatype Vulnerability Scanner Sonatype OSS Index Resources Launchpad Log4j Updates Blog Whitepapers & eBooks Webinars Customer Stories Partners Find a Partner Become a Partner Amazon Web Services (AWS) Red Hat OpenShift Customer Portal Training & Workshops Documentation My Sonatype Customer Support Company About Careers Newsroom Investors Contact Press Kit Trust Center Subscribe for all the latest software security news and events Terms of Service Privacy Policy Modern Slavery Statement Event Terms and Conditions Do Not Sell My Personal Information Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective...