Sonatype Launches Industry's First ‘Run Anywhere’ Platform for Software Supply Chain Management

The addition of cloud to on-premises and fully disconnected deployment options makes it the most versatile software composition analysis and application security testing solution available

February 1, 2023 -- Seattle, Wash. -- CloudNativeSecurityCon -- Sonatype, the pioneer of software supply chain management, has made it easier than ever for developer and security teams to unite and build innovative software securely with the announcement of new cloud offerings. With these additions, Sonatype becomes the only Application Security Testing (AST) and Software Composition Analysis (SCA) tool available that offers Cloud, Self-Hosted, and Disconnected deployment options, giving maximum control and flexibility to its customers.

Sonatype's secret sauce, including proprietary intelligence, industry-leading research, and AI behavioral analysis, helps organizations manage their software supply chains at scale to deliver products faster and with safer open source. These flexible deployment options enable Sonatype solutions to run anywhere organizations need them, and help teams shift left without operational hurdles. Deployment options include:

  • Cloud: Software supply chain management is now in the cloud with enterprise-grade security and minimal effort. Customers can protect their software supply chains without needing to deploy and manage infrastructure, making it ideal for organizations looking to streamline their infrastructure and rapidly scale.
  • Self-Hosted: This solution offers maximum flexibility. Organizations can choose to host on their own servers/on-premises or in a cloud environment of their choice.
  • Disconnected: The Nexus Disconnected Environment (NDE) is the only open source and dependency management solution available for air-gapped environments, which makes it ideal for government and affiliated organizations that want to manage their open source software supply chain.

“As the use of open source software in modern applications continues to increase, so does the risk from malware and other vulnerabilities. Software supply chain attacks have jumped an astonishing 742% per year, on average, over the past three years,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “There has never been a greater need for the ability to detect code quality and implement security at the point of creation. Sonatype is answering that need and more, allowing developers, engineering teams, and enterprises to build software fearlessly in the environment that best works for them.”

According to Gartner, public cloud spending is estimated to exceed 45% of all enterprise IT spending by 2026. As enterprises and governments recognize the incredible need to protect our software supply chains and better understand the open source software they’re using, Sonatype is the only platform on cloud with the industry’s first behavioral AI-driven component firewall that can automatically block malware from entering your software development lifecycle (SDLC), mitigating the number one security threat in 2023. The platform also provides security policy automation with instant developer feedback at all stages of the development process.

“With malicious attacks evolving, cyber attacks increasing, and high-profile breaches like Log4j continuing to make headlines, the demand for cybersecurity tools is skyrocketing. It’s clear that modern organizations cannot excel without managed security,” said Chris Rommel, Executive Vice President at VDC Research. “By expanding the ways organizations can implement DevSecOps and utilize software composition analysis tools, Sonatype is helping to drive the industry forward, making it easier for companies in all industries to protect their software supply chains.”

Sonatype is the software supply chain management company. As an industry pioneer and inventor of componentized software development, Sonatype continually pushes the boundaries of what’s possible in open source security and software supply chain management. This development follows surging market demand and another extraordinary year of growth for the company.

“With Sonatype, there is no tradeoff between risk management and productivity. Over 2,000 organizations and 15 million software developers already rely on Sonatype’s industry-leading platform to deliver and maintain secure, exceptional software,” said Alex Berry, President at Sonatype. “Expanding our deployment options not only gives customers convenience and flexibility, but complete control. We’re thrilled to help even more organizations shift security left and automate their software supply chain management.”

About Sonatype

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.