Sonatype Is First to Market With a Free Universal Repository Manager to Include Support for Docker Images and npm JavaScript Modules


FULTON, Md., Dec. 14, 2015 /PRNewswire/ -- Sonatype, the company dedicated to helping IT organizations deliver higher quality software even faster, today announced free format support for Docker and npm in the market leading Nexus Repository Manager, as well as the development of plug-ins for both Twistlock and npm On-site.

The addition of Docker and npm format support makes Nexus Repository OSS the only free universal repository management solution. Nexus repository managers serve as the local warehouse for IT organizations to efficiently manage and distribute component parts, assemblies and finished goods across the software supply chain. Component support includes: Docker, npm, Maven/Java, NuGet, RubyGems, OBR, P2, APT, RPM and any other binary files used in Software delivery. Now IT organizations can have a single repository to manage, lowering the cost of administration, streamlining operation and advancing agile, continuous delivery and DevOps goals.

"Sonatype revolutionized how software was built by introducing repository managers into software supply chains. Now we are revolutionizing how DevOps teams will work with Docker images and how the JavaScript community manages npm modules," said Wayne Jackson. "We are excited to extend Nexus' heterogeneous support to include Docker and npm so organizations can deliver innovative software, even faster."

npm, Inc. Partnership: 
npm usage is growing exponentially with 2.5 billion downloads just last month. To further support the npm community, Sonatype and npm, Inc. have announced a strategic partnership to integrate Nexus Repository with npm On-site. This optimizes the experience for Javascript/Node.js developers working in organizations who rely on Nexus Repository across the diverse mix of development environments they use.

"npm On-Site, which delivers an on premise version of the website, complements Sonatype Nexus by providing additional search and discovery tools for JavaScript developers. Our goal is to reduce friction and help them share and reuse code," said Rod Boothby, Co-founder and COO of npm, Inc.

Twistlock Partnership: 
Docker research shows that security is a top concern of Docker users.2 Nexus Repository is the only repository management solution with built-in software supply chain intelligence to identify known security vulnerabilities. Sonatype and Twistlock have partnered to ensure that the growing community of Docker users can benefit from software supply chain intelligence for software living in Docker containers.

"Visibility and control are important to container users," said Ben Bernstein, CEO and co-founder of Twistlock. "In partnership with Sonatype we can ensure Docker users have visibility to the components inside the containers via Sonatype's software supply chain intelligence and Twistlock's vulnerability assessment capabilities. With that visibility, organizations can apply policy management in accordance with their compliance requirements."

For more information: 
Nexus 3 with Docker Support: Website 
Nexus 3 and Docker: Video Walk-Throughs 
Twistlock press release

About Sonatype: 
Every day, developers rely on millions of third party and open source building blocks — known as components -- to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don't have to make the tradeoff between going fast and being secure. Policy automation, ongoing monitoring and proactive alerts makes it easy to have full visibility and control of components throughout the software supply chain so that applications start secure and remain that way over time. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit:

About npm, Inc.: 
npm's mission is to take open source development to entirely new places, helping millions of developers around the world to share and reuse JavaScript code. We run the free, private npm registry that hosts more than 200,000 open-source packages of code for web, server-side, IoT, and mobile projects.

We also build tools and services that help the professional coder securely leverage the power of modular software development, with both Saas and enterprise software products.

npm, Inc. is a privately held company, based in Oakland, California.

About Twistlock: 
Twistlock provides the industry's first enterprise suite for container security. Twistlock's technologies address risks on the host and within the containerized application, enabling enterprises to enforce consistent security policies from development to production. Our innovative technologies monitor container activities, manage vulnerabilities, detect and isolate threats targeting production containers. Twistlock's mission is to provide an end-to-end, enterprise-grade security stack for containerized computing, so organizations can maximize the benefits of adopting containers. For more information, please visit