We are the leader in component lifecycle management.

Our mission is simple – Help the world create trusted applications at the speed of development. As a pioneer in component-based software development we’re committed to securing the software supply chain.

Sonatype has been on the forefront of creating tools to manage, organize, and better secure components since the inception of the Central Repository and Maven in 2001. Last year, over 70,000 companies requested 13 billion+ components from the Maven Central Repository, demonstrating the explosive growth in component-based development. This modern software ecosystem has created a level of complexity that is increasingly hard to manage - and, in fact, this software supply chain has become the new perimeter. Partnering with application developers, security professionals and the open source community, Sonatype has introduced a way to keep pace with modern software development without sacrificing security. We call it Component Lifecycle Management (CLM), the new platform for securing the modern software supply chain.

We believe you can have security at the speed of development and that developers are part of the solution. Through the introduction of CLM we’re improving the visibility, management and security of component-based development across the entire lifecycle. Together with our customers, we’re ushering in a new era of application security.

Learn more about Sonatype. Watch the three minute video.


Jason van Zyl launches Maven & the Central Repository


M2eclipse Plug-in introduced


Maven emerges as a standard

Central reaches 100M


Nexus repository manager introduced to OS community


Sonatype Founded to improve component-based development

Central reaches 1Billion


Sonatype Raises $10M

Maven community reaches 5K developers


Sonatype reaches 350 Customers; raises $25M

Nexus reaches 20K installs, with 70% marketshare

Introduce component intelligence for Nexus


Sonatype receives Codie Award for Best GRC Solution

Central reaches 8 Billion

OWASP adds vulnerable components to top 10 application security risks

Launch of Component Lifecycle Management