Sonatype Acquires MuseDev


Acquisition pairs developer-friendly source code analysis with full-spectrum software supply chain management.

Fulton, MD – Tuesday, March 16, 2021 – Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced the acquisition of MuseDev, an innovative code analysis platform. MuseDev’s core offering automatically analyzes and provides uniquely accurate feedback on each developer pull request, making it easy to find and fix critical security, performance, and reliability bugs during code review.

With the addition of Muse, the Sonatype Nexus platform now offers customers full-spectrum control of the cloud-native software development lifecycle including: first-party source code, third-party open source code, infrastructure as code, and containerized code. 

“Beginning today, with the acquisition of MuseDev, we are further expanding our platform to help customers automatically control the quality of code their developers write,” said Wayne Jackson, CEO of Sonatype. “Coupled with our recently launched Nexus Container and Infrastructure as Code solutions, we are now delivering a developer-friendly and full-spectrum software supply chain management platform and serving clear notice that Sonatype remains the incumbent market leader compared to emergent players. We welcome Dr. Stephen Magill and the entire MuseDev team to Sonatype.”

The news comes amid continued record growth for Sonatype. The company now counts 70% of the Fortune 100 as customers and supports more than 2,000 commercial engineering teams. Further, in 2020 Sonatype experienced 35% annual growth in Nexus Repository installs, which now total more than 250,000 instances. Today, the combination of Sonatype’s commercial and open source tools is trusted by nearly 15 million developers around the world.

"We built Muse to provide developers feedback in the same way their teammates do — as comments in code review. Teams adopting this approach are 70 times more likely to fix code quality and security issues,” says Dr. Stephen Magill, CEO of MuseDev. “We’ve always been impressed with Sonatype’s Nexus platform and the company’s long-standing commitment to developer success. We’re truly excited to join them as they strive to bring operational excellence to the management of software supply chains.”

MuseDev was founded as a spin-out of Galois by a team of software developers with a passion for creating tools that help developers write their best code. The team includes deep expertise in static application security testing, machine learning, and semantic code analysis honed on mission-critical projects executed at the U.S. Department of Defense, Amazon, and Microsoft.

“As enterprises look to push their development teams to work faster, it becomes imperative to find ways to help developers to move more quickly by automating crucial but time consuming tasks like code analysis,” said Stephen O’Grady, Principal Analyst with RedMonk. “This is exactly what MuseDev is built for, with its ability to automatically analyze each incoming pull request.”

Strengthening Software Supply Chain Management with Developer-Friendly Source Code Analysis

The acquisition of MuseDev immediately expands the breadth and depth of Sonatype’s Nexus platform. To achieve coverage across the full spectrum of code performance, reliability, security, and style issues, Muse integrates its 24 pre-configured code analyzers into GitHub, GitLab and Bitbucket. Muse then automatically analyzes each pull request and provides rapid and accurate visibility into critical bugs within the developer workflow, as comments in code review. Muse analyzers are pre-tuned to minimize false-positive noise so that developers focus on the bugs that matter most. Lastly, Muse gives developers clear guidance on how to fix the bugs it reports.

Muse analyzers go beyond traditional linting to perform deep code analysis such as interprocedural information flow and thread safety analysis — techniques that were previously only available in tools owned by security. Because Muse feedback is delivered during the peer code review portion of the workflow, it’s easy and natural for developers to fix bugs without hindering innovation velocity. This makes Muse highly complementary to conventional SAST tools that perform deep analysis on compiled applications later in the release cycle.

Finally, to ensure more developers can get started right away, Muse automates the mundane, yet complex, aspects of tool installation and configuration. By providing a simple one-click setup of its advanced code analysis..

About Sonatype

Sonatype is the leader in developer-friendly, full-spectrum software supply chain management providing organizations total control of their cloud-native development lifecycles, including third-party open source code, first-party source code, infrastructure as code, and containerized code. The company supports 70% of the Fortune 100 and its commercial and open source tools are trusted by 15 million developers around the world. With a vision to transform the way the world innovates, Sonatype helps organizations of all sizes build higher quality software that's more aligned with business needs, more maintainable, and more secure. 

Sonatype has been recognized by Fast Company as one of the Best Workplaces for Innovators in the world two years in a row, and has been named to the Deloitte Technology Fast 500 and Inc. 5000 list for the past five years. For more information, please visit, or connect with us on Facebook, Twitter, or LinkedIn.