Sonatype Reports Record Growth in 2017


Increased application hacks motivate companies to seek new ways to automate secure software development

Fulton, MD – January 16, 2018 – Sonatype, the leader in open source governance and DevSecOps automation, today announced a record 2017, including:

  • 75% increase in new sales
  • 125% net renewal rate
  • 72% increase in developers using Nexus, now 10 million
  • 150 new enterprise clients

Sonatype enterprise customers now include:

  • 8 out of 10 top banks in Europe and North America
  • 8 of the top 10 US credit card companies
  • 6 of the top 10 US tech companies
  • 4 out of 5 US Armed Forces

To keep pace with demand, Sonatype increased headcount by 40% over the past 12 months, fueled by significant additions to its engineering and sales organizations. 

Vulnerable applications are the number one attack vector leading to breaches. Traditional application security tools that function as ‘toll gates’ and impede progress aren’t working. As companies understand the need for ‘guardrails’ not gates, they’re turning to Sonatype to continuously automate security early and often throughout the development lifecycle.

“Sonatype invented automated OSS governance in 2012.  Since then, our Nexus platform has been helping software development teams govern their use of open source and third-party components so they can build higher quality and more secure applications,” said Wayne Jackson, CEO of Sonatype. “2017, however, was a special year; companies began to recognize the changing role of security in a DevOps world and a strong market for OSS governance emerged. The stage has been set for 2018 to be the year of DevSecOps.”

“By 2021, DevSecOps practices will be embedded in 80% of rapid development teams, up from 15% in 2017,” wrote Gartner analysts Neil MacDonald and Ian Head in their 3 October 2017 report, 10 Things to Get Right for Successful DevSecOps.  “In the past 12 months at Gartner, how to securely integrate security into DevOps — delivering DevSecOps — has been one of the fastest-growing areas of interest of clients, with more than 600 inquiries across multiple Gartner analysts in that time frame.”

About Sonatype

Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains. As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation. Today, more than 150,000 organizations depend on Sonatype’s Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. Learn more at

Media Contact
Elissa Walters