Nexus Live: December 2013 with Tyler Jewell, CEO of Codenvy

On-Demand Recording

Watch our December Nexus Live event featuring Tyler Jewell, CEO of Codenvy. Codenvy runs a cloud-based development and deployment environment in a true DevOps fashion. Tyler shares how Codenvy uses Nexus as part of their build pipeline.


Fortune 50 Organizations Quickly Turn to Sonatype to Address a Global Software Security Threat

Fulton, MD. - November 6, 2013 - Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, is experiencing dramatic demand for its products. The company credits this momentum to the increasingly urgent need to address risks associated with the use of defective open source building blocks in mission-critical software applications.

Sonatype Selected as SINET-16 Innovator to Present at 2013 SINET

San Francisco, Calif. - November 4, 2013 - The Security Innovation Network™ (SINET), an organization focused on advancing Cybersecurity innovation through public-private collaboration, today announced the 2013 SINET 16 Innovators, who will share their innovative solutions at the annual SINET Showcase on December 4 - 5, 2013 at the National Press Club in Washington D.C.


Nexus Live: November 2013 with Kyle Allan from Riot

On-Demand Recording

We continued our DevOps focus for the month of November and were joined by Kyle Allan from Riot Games. Kyle shared how Riot Games uses Chef to install Nexus. He also shared how they are using the Nexus REST API in the command line interface and a Nexus cookbook he has open sourced. Watch the recording to learn how to extend the value of Nexus into your deployment environment.


Sonatype Reduces Licensing Risks With New Update to NuGet and Visual Studio

FULTON, MD. – Sept. 9, 2013 – Sonatype, a software company dedicated to enabling developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced an update to both the NuGet gallery and Visual Studio 2013 add-in that provides license data associated with each NuGet package based on the Sonatype Component Lifecycle Management (CLM) platform.

Myths and Misconceptions on Securing Open-source Software

Agile security expert Ryan Berg addresses the common myths and misconceptions of securing open-source software and offers practical tips on how to build in security throughout the software development lifecycle – from design, development and deployment through to production.


Sonatype Named Emerging Company of the Year by Technology Council of Maryland

ROCKVILLE, Md.--May 17, 2013 - The Tech Council of Maryland (TCM), Maryland’s largest technology trade association with more than 400 biotechnology and technology members employing more than 200,000 in the region, last night announced the winners of its 2013 TCM Awards naming Sonatype the Emerging Company of the Year.

Help Net Security

The insecurity of the component lifecycle

Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure and govern component use. According to the Sonatype survey, 76 percent of organizations have no component management policies in place.

Infosecurity Magazine

Three-fourths of organizations lack app component policy

When it comes to developing applications, open-source component use continues to skyrocket. And like operating systems or databases, open-source components represent a rich attack vector for hackers to exploit given their commonality across organizations and applications.

SD Times

Sonatype ushers in new era of application security aimed at eliminating risk in the modern software supply chain

Sonatype, the leader in Component Lifecycle Management (CLM), today introduced a revolutionary new approach to application security which significantly reduces the risk in using freely available, open source software (OSS) components. Sonatype CLM is the first and only solution to secure the entire component lifecycle – from design, development and deployment through production operations.


