Skip Navigation

Sonatype Recognized as Leading Provider of Software Composition Analysis by Independent Research Firm


New report highlights insights about software composition analysis (SCA) vendors, as the need for automated Application Security increases exponentially

FULTON, MD – Jan 25, 2019 - Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition Analysis, Q1 2019 report. According to Forrester, the report was developed to help security professionals understand the value, and increasing need, for SCA as well as the types of programs and strategies that various vendors provide, based on size and functionality.

“According to global security decision makers, the top two business priorities for their firms are to grow revenue and improve the experience of customers,” writes Forrester Analyst Amy Demartine in the Now Tech: Software Composition Analysis, Q1 2019 report. “Accelerating the use of open source components can help achieve both priorities by letting developers focus on creating new and unique features rather than recreating basic functionality. It’s long past time for security pros to realize the benefits of open source components and embrace its use in development.”

The report provides an overview of 17 SCA vendors and groups them into three different segments based on functionality and three different segments based on size. Sonatype is identified as one of only five large SCA Specialists. Forrester notes that Specialists deliver the most functionality in the SCA segment by offering the broadest OSS language coverage, creating a complete software bill of materials (SBOM), integrating into CI/CD pipelines, and notifying users of new vulnerabilities.

“For the past 11 years, it’s been our mission to empower development teams with precise open source intelligence and to help them avoid the use of flawed libraries that could increase cyber security, licensing and other risks,” said Wayne Jackson, CEO of Sonatype. “It’s exciting to see a prestigious research firm like Forrester recognize how important this market has become and that SCA is truly business critical issue. We’re honored to be among the best vendors in the business taking on this challenge.”

Sonatype helps thousands of organizations build better software, faster, by mitigating risks inherent in open source with automated governance. The company’s Nexus Platform includes the Nexus Repository, which stores and distributes trusted components and build artifacts, Nexus Lifecycle, which continuously identifies and remediates open source risks across the development and production lifecycle, and Nexus Firewall, which prevents vulnerable libraries from entering the development environment in the first place.  Each of these modules is powered by Nexus Intelligence, Sonatype’s unparalleled knowledge base of open source projects.

Additional Resources:

About Sonatype

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source.  Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.  Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at