The Central Repository - Tagged - Security Boulevard

Why Namespacing Matters in Public Open Source Repositories

Yesterday we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the ...

The Central Repository Stands to Support Sailors from Bintray – 3 steps to take now to protect your builds from failing

The shutdown of Bintray and JCenter comes as a rough entry in the 2021 Bingo card for many developers - most Android projects as well as Gradle and many others publish their ...

What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository

We know the news about JFrog sunsetting Bintray/JCenter has been unsettling for many. Our goal is to make the migration to The Central Repository as easy as possible - whether you're just ...

Dear Bintray and JCenter Users – Here’s What You Need to Know About The Central Repository

If you’re freaking out because JFrog announced it's sunsetting Bintray and JCenter, and are concerned about moving your Java components into The Central Repository, I want to first and foremost say - ...

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

On January 7th, Sonatype became aware of 3 malicious brandjacking components which were published to the Maven Central Repository in the last week of 2020.  ...
The economics of open source by C J Silverio | JSConf EU 2019

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

Today, news broke that GitHub and its parent company Microsoft, acquired npm and its public repository of open source JavaScript packages. In 2018 when Microsoft acquired Github, many in the developer community ...

Helm & Nexus: Steering Towards Faster Deployments in Nexus 3.21

The Nexus team is fully rigged as we steer into a big year for new features and releases in 2020! We are excited to announce the official release of Nexus Repository 3.21, ...

The Central Repository is Moving to HTTPS

As stewards of Maven Central, Sonatype is responsible for hosting and transmitting a disproportionately high volume of the Java ecosystem’s open-source components. In the month of November 2019 alone, total requests to ...

Removing Search Guard from the Central Repository

We at Sonatype take our responsibility as stewards of the Central Repository (Central) very seriously, and for well over a decade we have been dedicated to the ideal of immutability when it ...