Share:
FULTON, Md., March 16, 2021 (GLOBE NEWSWIRE) Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code. As software development teams race forward to deliver new digital innovations, software supply chain management and security has been ushered to center stage, says Wayne Jackson, CEO, Sonatype. Over the past six months, we ve been working hard to expand our Nexus platform to deliver full-spectrum support to all application building blocks not just open source and truly enable developer productivity. As developers take on more responsibility for containers, code, and infrastructure, our mission is to make their lives easier while they make great software.
Just who is running your favourite project these days?
Joseph Martins Wed 17 Feb 2021 // 20:00 UTC Share
Copy
Sponsored In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.
Between February 2015 and June 2019, 216 such Next Generation Software Supply Chain Attacks were recorded, according to Sonatype’s State of the Software Supply Chain Report, 2020. From July 2019, to May 2020, the number shot up to 929. Attacks jumped 430 per cent between 2019 and 2020.