Removing Search Guard from the Central Repository

We at Sonatype take our responsibility as stewards of the Central Repository (Central) very seriously, and for well over a decade we have been dedicated to the ideal of immutability when it comes to serving components to the community that relies on Central. As the stewards of Central, it has ...

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - bad actors are growing bolder and the velocity of attacks is increasing. Last month, the RubyGems strong_password component was ...

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

In March, a researcher from Twistlock contacted us about two issues he identified, stemming from user access settings. As with any disclosure, we immediately looked into it ...