The leader in software supply chain management.

Sonatype has a long history of accelerating open source usage. As the stewards of the Central Repository, the creators of the Apache Maven project and the distributors of the Nexus open source repository manager, Sonatype has supported the adoption of open source by more than 10 million developers worldwide.

Today, Nexus repository managers are preferred 5:1 over all other brands with more than 42,000 instances worldwide. Sonatype Component Lifecycle Management (CLM) has fast become the “go-to” choice for mitigating open source risk by providing continuous governance across the software supply chain.

100% of the top credit card companies, 80% of the top financial companies and 75% of the top IT manufacturers are Sonatype customers.

Governance at the pace of modern development.

Much like a traditional “supply chain” is used to manufacture products, today’s software is built with a supply chain of components from all over the globe, most of which are open source. The challenge is knowing which components you are using, where they are used and which ones have security vulnerabilities, license or quality issues.

Sonatype delivers a patented method for providing accurate, real-time data on component vulnerabilities, which is then integrated into the tools development professionals use every day. By seeing clearly and acting quickly, teams can avoid open source risk across the entire software lifecycle at comparatively low cost and effort. Crisp, clean dashboard views satisfy the varied needs of application developers, architects and DevOps as well as security and legal staff.

The urgent need for software supply chain management and the value that Sonatype provides have been recognized by influential media such as The Wall Street Journal, Forbes, and The New York Times, as well as industry publications including CIO, CSO, Wired, and TechCrunch.

Because your software development doesn’t stop, we don’t believe your governance should either. Sonatype makes it easy to provide continuous governance across today’s continuous software supply chain, at the speed of development.

The stats in support of software supply chain management

Managing risk and achieving efficiency in the software supply chain is incredibly important because:

  • Open source usage is exploding: 13 billion component downloads in 2013, with 20 billion expected in 2014.
  • 90% of the typical application is made up of open source or third-party components.
  • Only 57% of organizations have policies governing open source usage, and 29% of those policies don’t address security.
  • 71% of all applications contain at least one critical flaw in at least one component.
  • Nearly two-thirds of organizations don’t know which components are used in their applications.
  • 60% of developers aren’t concerned about security.
  • One year after a security alert, 6,916 organizations had downloaded a single high-risk component 66,284 times (and the same pattern holds for many other components).
  • Over the past few years, more than 5,000 security vulnerabilities have been found in open source code, according to the National Vulnerability Database.
  • Less than 1% of security budgets is spent on application security.
  • 90% of cyber attacks are focused on applications.


Sources: Ponemon Institute, Verizon 2013 Data Breach Investigations Report, Open Source Developer Survey, and Sonatype Application Health Check

Products

SONATYPE REPOSITORY MANAGERS

Nexus repository managers enable development teams to enjoy the benefits of agile component-based development in a streamlined and structured environment.

SONATYPE COMPONENT LIFECYCLE MANAGEMENT (CLM)

Component Lifecycle Management (CLM) provides a new way to identify, manage and monitor every component and its dependencies throughout the software lifecycle. CLM enables organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.
