
Scale Developer Security with Expanded Nexus Platform Features

We are in the midst of a wave of low-cost, high-damage techniques by hackers in the wild. Bad actors are finding easy, inventive, and well-disguised ways around common security measures by targeting the open source building blocks of software. These include typosquatting, dependency confusion, and malware injection; Sonatype’s automated malware detection has caught upwards of 63,000 such packages to date.

Some attacks are even tailor-made for their targets’ development tools.  

Engineering teams need to get ahead of bad actors, so we’ve introduced new features and enhanced the identification of malicious code early in the software development lifecycle. Teams need to address security concerns and legal liability without slowing down – we’re giving them the tools to do just that. 

New Capabilities in the Nexus Platform

With our latest Nexus platform update, we’re: 

  • Extending Nexus Firewall’s automated malware and early warning detection to the Python ecosystem.
  • Improving detection and blocking of hidden text encoding attacks and other malicious components.
  • Helping you focus on the safest component possible with an industry-first feature that identifies potentially malicious components, guiding you to the most up-to-date package that isn’t suspicious. 
  • Protecting your JFrog Artifactory Enterprise from known and unknown open source risk: Nexus Firewall’s support now covers Artifactory Enterprise as well as Artifactory Pro.
  • Enabling broad sharing of vulnerability reports, with detailed component pages including insights about package usage and severity, available to your extended team without a Nexus login.

Suspicious Package Blocking for PyPI

Over the last few years, we have seen exponential growth in the number of dependency confusion and typosquatting attacks, as documented within our Vulnerability Timeline. It’s clear from history that developers will remain the primary target for bad actors in 2022.

To address this, Sonatype is extending (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Chris Good. Read the original post at: https://blog.sonatype.com/scale-developer-security-with-expanded-nexus-platform-features