Trusted intelligence and automated governance to build faster and safer with OSS and AI. From the maintainers of Maven Central and Nexus Repository.| www.sonatype.com
Sonatype uncovers a wormable npm software supply chain attack compromising over 180 packages, following the S1ngularity and Chalk/Debug campaigns.| www.sonatype.com
Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.| www.sonatype.com
Understand how Software Composition Analysis can reduce the risks that open source software introduces into your projects. Read the full guide to learn more.| www.sonatype.com
Learn how a source code repository can help dev teams organize code, collaborate, and track changes to improve software development workflows.| www.sonatype.com
Explore the advantages and challenges of the Software Development Life Cycle (SDLC) plus best practices for effective software development and maintenance.| www.sonatype.com
Learn about evolving malware threats, proactive defense strategies, and the role of software composition analysis to protect your development processes.| www.sonatype.com
Learn what open source vulnerabilities are, their impact, and how open source vulnerability management tools can reduce your business’s risk exposure.| www.sonatype.com
DevOps accelerates innovation through collaboration and frequent releases.| www.sonatype.com
Discover the power of Software Analysis with The Forrester Wave™. Uncover hidden insights and optimize your software supply chain security.| www.sonatype.com
Simplify Software Bill of Materials compliance while cataloging, enhancing, and monitoring effortlessly with SBOM Manager. Learn more!| www.sonatype.com
Sonatype’s SDLC security solutions integrate with IDEs, CI/CD, and DevSecOps tools for faster development and seamless software supply chain security.| www.sonatype.com
Get a complete overview of different open source risks so that you can better defend against software supply chain attacks.| www.sonatype.com
Learn how software supply chains work, the risks of software supply chain security vulnerabilities, and how to manage software dependencies securely.| www.sonatype.com
A software bill of materials (SBOM) lists all packages and libraries included in an application. Learn how SBOMs make software supply chains more secure.| www.sonatype.com
Understand and manage the software dependencies in your software supply chain.| www.sonatype.com
Learn about the danger of open source malware and software vulnerabilities in Sonatype's Open Source Malware Resource Hub.| www.sonatype.com
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to the Russia-linked Lumma Windows stealer and named to closely resemble a well-known legitimate Python library used by cryptocurrency developers.| www.sonatype.com
Explore our 10th Annual State of the Software Supply Chain Report to gain insights on open source consumption, growing risks, and development efficiency.| www.sonatype.com
Learn about the targeted supply chain attack that planted a backdoor in XZ, the popular compression utility shipped by many Linux distributions such as Fedora and Debian.| www.sonatype.com
Unite security and developers to accelerate digital innovation without sacrificing security or quality across the software supply chain with Sonatype.| www.sonatype.com
Automatically find and fix open source vulnerabilities at every stage of the SDLC. Learn how Sonatype Lifecycle can help deliver quality code fast.| www.sonatype.com
Manage components, binaries & build artifacts across your software supply chain. Your single source of truth to store & distribute software quickly & reliably.| www.sonatype.com
Protect your code from unknown risks with superior open source firewall software. Learn how to stop malicious open source components from entering your SDLC.| www.sonatype.com
The wave of vulnerabilities and exploitation surrounding Log4Shell continues to be a serious concern. We developed a one-stop shop of Log4j resources.| www.sonatype.com
View the history of software supply chain attacks and the open source components analyzed by Sonatype.| www.sonatype.com