
Sonatype Selected by Equifax to Support Open Source Governance & Security


Fulton, MD – January 29, 2019 -- Sonatype, the leader in automated open source governance and application security, today announced that Equifax Inc. (NYSE: EFX) has selected Sonatype’s Nexus platform to intelligently manage and monitor the use of open source libraries across its application portfolio. The selection was made following a competitive review.

“Open source software is at the core of virtually every company’s digital transformation. As a result, it has become critical that enterprises put automated open source governance and security at the center of their innovation programs. The Nexus Platform is designed specifically for organizations like Equifax that are taking the bold steps needed to innovate at scale while improving quality and reducing risk,” said Wayne Jackson, CEO of Sonatype.

“As we continue to deliver innovative and effective solutions for our customers around the globe, we’re focused on building security into each software application from the start and enhancing it throughout the development process. Sonatype’s Nexus Platform will help provide additional visibility, insight and automated governance of our use of open source throughout the development and operations lifecycle,” said Bryson Koehler, Chief Technology Officer for Equifax.

Founded in 2008, Sonatype helps thousands of organizations build better software, faster by mitigating risks inherent in open source through automated governance. Equifax is deploying Sonatype’s Nexus Platform, including the Nexus Repository, which stores and distributes trusted components and build artifacts; Nexus Lifecycle, which continuously identifies and remediates open source risks across the development and production lifecycle; and Nexus Firewall, which prevents vulnerable libraries from entering the development environment in the first place. Each of these modules is powered by Nexus Intelligence, Sonatype’s unparalleled knowledge base of open source projects.

About Sonatype

More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at 

Media Contact: 

Elissa Walters