Resource articles

Nexus Repository OSS 3.0.2 Release

The Nexus team is pleased to announce Nexus Repository OSS 3.0.2. We’re rolling out support for two popular formats: PyPI and RubyGems, in addition to a raft of bug fixes. This brings the family of freely available formats in Nexus Repository 3 to eight: Bower, Docker, Maven 2, npm, NuGet, PyPI, ‘Raw’ site repositories, and

2016 State of the Software Supply Chain Report Released

The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

A Dozen Reasons Why Nexus Repository 3.0 Kicks Ass

With the release of Nexus Repository Manager OSS 3.0, you might be wondering if it is worth checking out. In my opinion there is no reason not to, since it can be done easily. More importantly, there are lots of reasons to have a look: 01: Installer and archives Installing the repository is easier than

npm gate – Lessons Learned Again

The recent events in the world of JavaScript developers and npm definitely caused a storm on Twitter and the internet in general. If you want to find out more about the kik package, the trademark threats, the unpublishing of the left-pad package and the resulting breakage of packages and builds everywhere, check out this recap.

The Latest Victim of Deserialization-Gate

Last week the world was hit with what can be awarded the Vulnerability Of The Day for Java – the commons-collections deserialization vulnerability. The latest victim of the continued series of vulnerabilities comes from the Spring project with an implicating class that allows the same unsafe deserialisation vector in the spring-core. What makes this issue particularly

Did you wake up to an alert about the Java Deserialization vulnerability?

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait. Ok, now

What’s up Doc(ker): Nexus Repository Manager v3 Milestone 6 Release

We, on the Nexus team, are pleased to announce the arrival of the Nexus Repository Manager v3 Milestone 6 release! What’s new: Milestone 6 of the Nexus Repository Manager v3 includes: improvements to our Docker repository format capabilities that include the v2 format; the addition of npm repository format capabilities, including the ability to
