Discord squashes critical Electron bugs: open source attacks continue to grow

My colleague has two kids, ages 9 and 12. Since the COVID lockdowns they have been playing more online games, and each of them uses Discord to chat with their friends during ...

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, ...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...

Average CCNA salary 2020

The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, ...

Nexus on the Ascent

Heading into this year, JFrog questioned the future of the Nexus Platform following news of Sonatype being acquired by Vista - sensing “tremors” on the horizon. The “tremors” were simply fabrications from ...

CMMC Level 3 Control – Email Sandboxing (SI.3.220)

An overview for this control states an organization should utilize sandboxing to detect or block potentially malicious email. The action can prevent malicious files from entering the network and should be document ...

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

It’s no secret that container usage has increased rapidly in the last few years. As reported in our 2020 State of the Software Supply Chain Report, “Pulls of container images topped 8 ...

Nexus as a Container Registry

Over the last decade, developers have experienced a shift in the way applications and the underlying operating system are packaged and deployed. The rise in usage of Docker containers and Kubernetes (K8s), ...

Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software

This weekend a report emerged of mysterious npm malware stealing sensitive information from Discord apps and web browsers installed on a user’s machine ...

Improved component choice and remediation with improved data – all for free!

Sonatype’s OSS Index is a free catalog of open source components and scanning tools used by developers worldwide to help identify vulnerabilities, understand risk, and keep their software safe. We’ve decided to ...