#sonatype
Original post on sigmoid.social

#Sonatype is at it again: after rendering their supposedly "OSS" Nexus repository server useless for anything but tiny installations, they now want to put the "OSS Index" behind a paywall.

If you run any kind of sensible CI/CD, you've probably come across this index before, as it helps you […]

What Does The Sonatype 2026 State of the Software Supply Chain Report Reveal?

What Does The #Sonatype 2026 State of the Software Supply Chain Report Reveal?
"Sonatype has released this year's report with a number of interesting findings. Let's dig into it."
On IProgrammer: cutt.ly/itne2PAs

#devsecops #sbom #softwaresupplychain #cybersecurity #OSSSecurity @openssf.org

Sonatype: Open-source consumption jumps 67% In 2025, open-source consumption hit 9.8 trillion downloads across the four largest registries—a 67 percent increase year-over-year.

"Package repositories and the software housed within them are critical assets that need support if they hope to continue providing services to the developers and consumers using them." #sonatype #opensource #appsec #devsecops #infosec #developers #cybersecurity #technology

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?

US cyber progress isn’t stalled — it’s evolving Beneath the policy layer, the technical and strategic modernization of U.S. cybersecurity is actually accelerating faster than ever. The post US cyber progress isn’t stalled — it’s evolving first appeared on Federal News Network.

Sonatype Guide brings DevSecOps to AI coding Sonatype Guide aims to secure AI coding workflows, aligning generation speed and increased productivity with DevSecOps safety.

By embedding curated intelligence directly into the AI workflow, developers can mitigate the “hallucination” problem while preserving the velocity that AI tools provide. #sonatype #devsecops #cybersecurity #developers #ai #tech #news #technology

Original post on sonatype.com

Why the World's Vulnerability Index Cannot Keep Up The Common Vulnerabilities and Exposures (CVE) system has been called the backbone of modern cybersecurity. For decades, it's been the sha...

#vulnerabilities #CVE #nvd #security #research […]

verbose output of the log analyzer, showing two tables: one with most used package formats and another one with the top three IP addresses accessing the repository in order to access maven artifacts.

Since version 3.77, #Sonatype has enforced hard limits for the community edition of #NexusRepository. If these limits are exceeded, certain functions are disabled and you have to purchase a commercial license.

We are currently in this situation, which is why […]

Fortifying Your Container Supply Chain with Docker + Sonatype Thursday, September 25, 2025 at 10:30 AM Eastern Daylight Time.

Protect your container supply chain from vulnerabilities and compliance drift.
Join Docker + Sonatype on Sept 25 for a virtual, live webinar & learn how to block risky images before they enter pipelines.
Register: event.on24.com/wcc/r/5074952/A38FBA1C18...
#Sonatype

Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed. Every modern application, whether written...

Would anyone in the #Java and #Maven bubble know whether I can get download statistics out of the new #Central publishing portal like I was able to with the old #Sonatype?

Sonatype uncovers global espionage campaign in open source ecosystems

⚠️ Trust in open source is under attack.
Sonatype uncovered 234 Lazarus Group packages in
npm/PyPI — designed to steal secrets & infiltrate CI/CD.

📦 36,000+ potential victims
🛡️ OSS must be hardened. Dev tools are now a digital war front.

#OpenSource #Malware #DevSecOps #LazarusGroup #Sonatype

Original post on helpnetsecurity.com

Open source has a malware problem, and it’s getting worse Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems s...

#Don't #miss #News #cybersecurity #malware #open […]

OSSRH Sunset Announcement

OSSRH Sunset Announcement: The OSSRH service will reach end-of-life on June 30th, 2025

#maven #mavencentral #ossrh #sonatype

central.sonatype.org/ne...

Original post on helpnetsecurity.com

Development vs. security: The friction threatening your code Developers are driven to deliver new...

www.helpnetsecurity.com/2025/06/03/developer-sec...

#News #application #security #cybersecurity #DevSecOps #Endor #Labs #GitLab […]

Sonatype Nexus Repository 3.78.0 - 3.78.2 Release Notes

> Sonatype Nexus Repository is now packaged as a single "uber-jar," simplifying deployment and dependency management.

Still not sure why people like that mode, it has only runtime and security management drawbacks...

help.sonatype.com/en/sonatype-...

#sonatype #java #spring

#boycottJfrog they support what Israel is doing in #Gaza. They support #genocide. Here are the alternatives to their products

- #sonatype nexus
- #snyk
- azure, gcp, aws container registries

In all cases, the other solutions are cheaper. Don’t use #jfrog products

Sonatype at RSAC 2025 Highlights from RSA Conference 2025: AI risk, open source malware, and new protections with Sonatype Repository Firewall and Zscaler.

Sonatype at RSAC 2025 The RSA Conference (RSAC) is always a major event for the cybersecurity com...

https://www.sonatype.com/blog/sonatype-at-rsac-2025

#RSA #Conference #rsac #Sonatype #Repository #Firewall #artificial #intelligence #open #source #malware
