sonatype Archives - Developer Tech News
https://www.developer-tech.com/news/tag/sonatype/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Tue, 12 Sep 2023 13:22:25 +0000

Sonatype reveals DevOps and SecOps leaders’ views on generative AI
https://www.developer-tech.com/news/2023/sep/12/sonatype-reveals-devops-secops-leaders-views-generative-ai/
Tue, 12 Sep 2023 13:22:22 +0000
While the tech community remains divided on the potential of generative AI tools, there’s a consensus that their impact on the industry is comparable to the adoption of cloud technology. Software engineers are harnessing generative AI to explore libraries, create new code, and enhance their development process, while application security professionals employ it for code...

Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign
https://www.developer-tech.com/news/2023/aug/04/malicious-pypi-package-ongoing-paperpin-campaign/
Fri, 04 Aug 2023 11:05:45 +0000
In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named ‘VMConnect’ was discovered masquerading as the legitimate VMware vSphere connector module ‘vConnector’. The counterfeit package was found to contain sinister code designed to compromise users’ systems. Further investigation revealed an ongoing campaign involving additional packages like “ethter” and “quantiumbase,” all...

Sonatype uncovers further malicious PyPI and npm packages
https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/
Fri, 23 Jun 2023 15:47:27 +0000
Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries. Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm “colors” library. The malicious packages, including names such as “broke-rcl,” “brokescolors,” and “trexcolors,” exclusively targeted the Windows operating...

80% of Spring framework downloads are exploitable versions
https://www.developer-tech.com/news/2022/apr/05/80-of-spring-downloads-are-exploitable-versions/
Tue, 05 Apr 2022 11:55:01 +0000
Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions. Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE...

Sonatype analysis reveals a 73 percent surge in open-source demand
https://www.developer-tech.com/news/2021/sep/15/sonatype-analysis-reveals-73-percent-surge-open-source-demand/
Wed, 15 Sep 2021 13:22:58 +0000
A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high-profile vulnerabilities. The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with...

Sonatype Lift uses deep code analysis to suggest bug fixes
https://www.developer-tech.com/news/2021/jun/17/sonatype-lift-uses-deep-code-analysis-to-suggest-bug-fixes/
Thu, 17 Jun 2021 15:21:21 +0000
Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types. Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries. Research from Veracode last year found that open-source libraries cause security flaws in...

Sonatype: COVID-19 causes 28% drop in UK software development
https://www.developer-tech.com/news/2020/may/21/sonatype-covid-19-28-drop-uk-software-development/
Thu, 21 May 2020 13:00:49 +0000
New research from Sonatype suggests COVID-19 has caused a 28 percent drop in UK software development. COVID-19 has gripped countries around the world and ground their economies to a halt. Britain’s furlough scheme – seeing the state pay 80% of people’s wages – has prevented the level of job losses seen in many countries, but...
