Sonatype Announces Secure DevOps Solution for Python Developers
Fulton, MD – April 19, 2017 – Sonatype, the leader in software supply chain automation, today announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter. Sonatype continues to lead the market in introducing application security technology at the earliest possible phase of the software development lifecycle for DevOps practices.

According to Sonatype’s 2017 DevSecOps Community Survey, 19% of highly mature DevOps organizations currently conduct application security analysis during the design phase. By providing automated analysis of PyPI packages with Nexus Firewall, organizations developing in the Python language can now introduce automated security and governance practices at the earliest stage of their DevOps pipeline.

In Gartner’s September 2016 report, DevSecOps: How to Seamlessly Integrate Security into DevOps, Gartner analysts Neil MacDonald and Ian Head wrote that development organizations should “Implement an ‘OSS firewall’ to proactively prevent developers from downloading known vulnerable code from Maven, GitHub and other OSS code repositories by policy.”

Python development teams using Nexus Firewall will be able to ensure the packages they use meet the highest quality and security standards by:

  • Defining and enforcing rules for PyPI component usage
  • Analyzing and selectively admitting PyPI components
  • Keeping production apps safe from risky components

“In January 2017 alone, 662 million PyPI packages were downloaded from,” said Wayne Jackson, CEO of Sonatype. “Now organizations developing in the Python language can shield themselves from vulnerable components entering their software supply chain at the earliest stage in the development lifecycle by adopting a security-first solution.”

About Sonatype

Last year developers requested 31 billion components from the Central Repository to manufacture the software applications that run the world. Additionally, with more than 120,000 installations, companies around the globe use Sonatype’s Nexus solutions to manage reusable components and improve the quality, speed and security of their software supply chains. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. For more information, visit:
Media Contact
Jennifer Edgerly
SpeakerBox Communications for Sonatype