- Trusted intelligence and automated governance to build faster and safer with OSS and AI. From the maintainers of Maven Central and Nexus Repository. (www.sonatype.com)
- Sonatype uncovers a wormable npm software supply chain attack compromising over 180 packages, following the S1ngularity and Chalk/Debug campaigns. (www.sonatype.com)
- Learn what open source vulnerabilities are, their impact, and how open source vulnerability management tools can reduce your business's risk exposure. (www.sonatype.com)
- Simplify Software Bill of Materials compliance while cataloging, enhancing, and monitoring effortlessly with SBOM Manager. Learn more! (www.sonatype.com)
- Learn about the danger of open source malware and software vulnerabilities in Sonatype's Open Source Malware Resource Hub. (www.sonatype.com)
- Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to the Russia-linked Lumma Windows stealer and named very closely after a well-known legitimate Python library used by cryptocurrency developers. (www.sonatype.com)
- Unite security and developers to accelerate digital innovation without sacrificing security or quality across the software supply chain with Sonatype. (www.sonatype.com)
- Automatically find and fix open source vulnerabilities at every stage of the SDLC. Learn how Sonatype Lifecycle can help deliver quality code fast. (www.sonatype.com)
- Manage components, binaries, and build artifacts across your software supply chain. Your single source of truth to store and distribute software quickly and reliably. (www.sonatype.com)