Sonatype Collaborates with Red Hat to Deliver Speed, Security Features and Enhanced Visibility to the Modern Software Factory


Sonatype’s Nexus Lifecycle Leverages Red Hat OpenShift Operator Certification, Provides Software Bill of Materials Visibility

August 30, 2022 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced that Sonatype’s Nexus Lifecycle is better positioned to leverage its Red Hat OpenShift Operator Certification to help provide intelligent insight into the open source components Red Hat OpenShift customers are using.

Sonatype’s Nexus Lifecycle, combined with Red Hat OpenShift, creates an automated process that encourages component integrity and provides enhanced security features by developing a Software Bill of Materials (SBOM) that is license-compliant and highlights open source vulnerabilities. The certification will help enable Red Hat OpenShift customers to more easily and efficiently design an SBOM, helping enterprises mitigate risk across their software development lifecycle and helping organizations that are required to meet the new U.S. federal cybersecurity requirement.

“We are pleased that Sonatype’s Nexus Lifecycle Red Hat OpenShift Operator Certification is now positioned to further extend choice and flexibility for customers on the industry’s leading enterprise Kubernetes platform,” said Mark Longwell, director, Partner Alliances, Hybrid Platforms, Red Hat. “IT Security continues to be a top priority for organizations, and with this enhanced certification, Sonatype helps provide Red Hat OpenShift customers greater insight into the development and security of their software.”

With Sonatype as a Red Hat OpenShift Certified Operator, customers gain easier access to deploy Sonatype Nexus Lifecycle in one click via the Operator catalog section on Red Hat OpenShift. Operators also provide automation across the stack—from managing the parts that make up the platform all the way to applications that are provided as a managed service.

“By leveraging this Red Hat OpenShift Operator Certification, Red Hat OpenShift users can now more easily integrate an automated production-ready SBOM into their Red Hat OpenShift pipelines, adding increased transparency into development that can help stop downstream cyber-attacks,” said Bruce Gordon, SVP of Global Channels & Alliances at Sonatype. “This collaboration will help provide Red Hat and Sonatype customers with increased intelligence for creating and maintaining secure-focused, quality and innovative software at scale.”

The collaboration will benefit from Sonatype’s status as a Red Hat Advanced Business Partner, and from the certification of Sonatype’s Nexus Lifecycle as an open source and dependency management tool.

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.

Red Hat, the Red Hat logo, and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.