Are you running an instance of Nexus Repository Manager 2.x on Java 7? If so, it’s time to upgrade your JVM to Java 8.

Yesterday at noon BST a new github issue was opened in the popular eslint repository on github. Someone had highjacked this package and published a version that attempts to download malicious javascript code from pastebin and then collects and sends out the user's npmrc token (a token used to authenticate with a remote repository) to the perpetrator.

In IT it is especially easy to get caught up in the How of just about any facet of our work. It all seems so mechanical, just tell me what tools to use and how you want it architected and we can go bang out a solution, it's what we do. DevOps and DevSecOps have been no different as we tend to focus on the CI/CD pipelines and which tools to integrate into it. Hopefully this article will ground us in what DevOps is when we pull back the curtain and why that matters.