Sonatype Blog
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.
How to use Repository Health Check 2.0
This is a quick tutorial on how to get started with Repository Health Check (RHC) 2.0, available in Sonatype Nexus Repository Manager 3.3 ...
Cyber Resilience Act: The Future of Software in the European Union
Aaron Linskens | EU Cyber Resilience Act, News and Views, open source, Open source governance, secure software supply chain
Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA) ...
“Quoi…? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer
We’ve got a rather interesting malicious finding this month to talk about, the one that mixes a meme with malware ...
A Closer Look: Differentiating Software Vulnerabilities and Malware
Aaron Linskens | DevZone, malware prevention, open source, software supply chain, Sonatype Lifecycle, Sonatype Repository Firewall, Vulnerabilities
In today’s interconnected digital world, vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain. While these two terms may appear synonymous ...
npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?
Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.” ...
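The gap the teaser above refers to is that the registry's per-version metadata (the "manifest" a client fetches from the registry) and the package.json inside the published tarball are supplied separately and are not checked against each other, so a tool that trusts only the registry manifest can miss dependencies or install scripts that exist only in the tarball. The following is an added example, not code from the post or from Sonatype, showing how to detect such a divergence offline: it builds a small npm-style tarball in memory from constructed data, extracts `package/package.json` from it, and diffs the fields that affect what gets installed or run against a constructed registry manifest. The package name `example-lib` and the dependency `hypothetical-extra-dep` are invented for the illustration.

```python
import io
import json
import tarfile

# Fields where a registry/tarball mismatch changes what is installed or executed.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts", "license")


def package_json_from_tarball(tgz_bytes: bytes) -> dict:
    """Read package/package.json from an npm tarball (npm packs every file under 'package/')."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        member = tar.getmember("package/package.json")
        data = tar.extractfile(member).read()
    return json.loads(data)


def manifest_discrepancies(registry_manifest: dict, tarball_manifest: dict,
                           fields=CHECKED_FIELDS) -> dict:
    """Return {field: (registry_value, tarball_value)} for every checked field that differs."""
    diffs = {}
    for field in fields:
        registry_value = registry_manifest.get(field)
        tarball_value = tarball_manifest.get(field)
        if registry_value != tarball_value:
            diffs[field] = (registry_value, tarball_value)
    return diffs


def build_tarball(pkg_json: dict) -> bytes:
    """Build a minimal npm-style tarball in memory (constructed test data, not a real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        payload = json.dumps(pkg_json).encode()
        info = tarfile.TarInfo("package/package.json")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed example: what the registry's version-level metadata claims ...
REGISTRY_MANIFEST = {
    "name": "example-lib",          # hypothetical package name
    "version": "1.2.3",
    "license": "MIT",
    "dependencies": {"lodash": "^4.17.21"},
}

# ... versus the package.json actually inside the tarball that gets installed.
TARBALL_PACKAGE_JSON = {
    "name": "example-lib",
    "version": "1.2.3",
    "license": "MIT",
    "dependencies": {"lodash": "^4.17.21", "hypothetical-extra-dep": "1.0.0"},
    "scripts": {"postinstall": "node setup.js"},  # absent from the registry view
}


def demo() -> dict:
    """Run the comparison on the constructed data; returns the discrepancy map."""
    tgz = build_tarball(TARBALL_PACKAGE_JSON)
    return manifest_discrepancies(REGISTRY_MANIFEST, package_json_from_tarball(tgz))


if __name__ == "__main__":
    for field, (registry_value, tarball_value) in demo().items():
        print(f"{field}: registry={registry_value!r} tarball={tarball_value!r}")
```

Against real packages you would feed `manifest_discrepancies` the version document from `https://registry.npmjs.org/<name>/<version>` and the bytes fetched from its `dist.tarball` URL; the comparison logic is the same. Any non-empty result for `dependencies` or `scripts` is the case worth flagging, since those are the fields a manifest-only scanner would never see.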
How to Measure the Maturity of Your Software Supply Chain
Aaron Linskens | Application Security, devops frameworks, DevZone, News and Views, software supply chain
In today's fast-paced software development landscape, organizations face rising challenges to ensure the security, quality, and reliability of the software they deliver. Your software supply chain plays a pivotal role in meeting these ...
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers
This month, Sonatype’s automated malicious open source and malware detection systems flagged hundreds of malicious packages, 10 of which we have analyzed in this blog post ...
How to Improve Your Software Supply Chain with a Software Security Framework
Just like a car manufacturer must ensure every component that goes into their vehicles is safe and reliable, you should ensure all of the components in the software you produce are secure ...