Helping The Open Source Community Find, Fix, and Remediate Log4j
In light of the wave of security vulnerabilities and exploitation affecting Log4j, we here at Sonatype have been working to keep on top of the ever-evolving situation ...
Why Namespacing Matters in Public Open Source Repositories
Yesterday we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the ...
The Central Repository Stands to Support Sailors from Bintray – 3 steps to take now to protect your builds from failing
The shutdown of Bintray and JCenter comes as a rough entry in the 2021 Bingo card for many developers - most Android projects as well as Gradle and many others publish their ...
What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository
We know the news about JFrog sunsetting Bintray/JCenter has been unsettling for many. Our goal is to make the migration to The Central Repository as easy as possible - whether you're just ...
Dear Bintray and JCenter Users – Here’s What You Need to Know About The Central Repository
If you’re freaking out because JFrog announced it's sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say - ...
Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community
On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020. ...
Improved component choice and remediation with improved data – all for free!
Sonatype’s OSS Index is a free catalog of open source components and scanning tools used by developers worldwide to help identify vulnerabilities, understand risk, and keep their software safe. We’ve decided to ...
Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
If you've been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...
Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools
We’ve recently rolled out enhanced support for JavaScript that provides developers with improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the entire software development lifecycle. Our enhancements ...