As you may have seen, we at Sonatype have been following the SolarWinds' software supply chain security breach closely. We've simultaneously been reviewing and analyzing our own environments to confirm we are not impacted by this security vulnerability. Though we are continuing to monitor the situation and our investigation is ongoing, we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the existence of the Sunburst vulnerability within our own product offerings.
The security of our customers and community is a top priority for us. As such, we've taken additional steps to block Indicators of Compromise (IOCs) associated with this advisory and are working with our critical third-party vendors to ensure they are closely monitoring this situation and keeping us apprised of any developments related to this security incident. We will provide further updates should our own investigations or any investigations with our third-party vendors warrant additional information.
You can read the full advisory here https://www.solarwinds.com/securityadvisory.
If you have additional questions reach out to security@sonatype.com
As always, if you have any questions regarding the security of your software supply chain, we are here to help and you can contact us here.