

Stay current on Sonatype news.

April 19, 2017 - Sonatype Announces Secure DevOps Solution for Python Developers

Sonatype announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter.

April 10, 2017 - As DevOps Grows, Automation Is Key to App Security

IT organizations continue to struggle with breaches, which have risen sharply over the past three years. Yet during the same period, the use of secure components has remained flat, suggesting that more organizations must improve their applications' security posture.

March 22, 2017 - DevSecOps automation helps development teams

Professional software vendors have already adopted DevOps practices extensively and are increasingly building automated security into their strategy as well. That is the conclusion of a study by Sonatype, a provider of software supply chain automation.

March 21, 2017 - Changing attitudes toward application security

Sonatype has published the results of its 2017 DevSecOps Community Survey. 2,292 IT professionals participated in the online survey conducted in February 2017. The survey revealed that mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale. Analysis of responses also found that IT organizations continue to struggle with breaches: nearly a 50% increase was recorded between Sonatype's 2014 and 2017 surveys.

March 23, 2017 - New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security

Sonatype, the leader in software supply chain automation, has announced the results of its 2017 DevSecOps Community Survey, which was conducted in February. 2,292 IT professionals participated in the online survey, which revealed that mature development organisations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale. Analysis of responses also found that IT organisations continue to struggle with breaches: nearly a 50% increase was recorded between Sonatype's 2014 and 2017 surveys.

March 21, 2017 - DevOps study: build security in early

Sonatype has announced the results of its "2017 DevSecOps Community" survey. 2,292 IT experts took part in the online survey conducted in February 2017. The study found that mature development organizations ensure that security is built into their DevOps practices in an automated way, early, everywhere, and at scale. Analysis of the responses also showed that IT organizations continue to struggle with security breaches: comparing Sonatype's 2014 and 2017 survey figures reveals an increase of nearly 50 percent.

March 23, 2017 - DevOps Embraces Security Measures to Build Safer Software

DevOps is not simply transforming how developers and operations work together to deliver better software faster, it is also changing how developers view application security. A recent survey from software automation and security company Sonatype found that DevOps teams are increasingly adopting security automation to create better and safer software.

March 22, 2017 - Research reveals changing attitudes toward application security

Sonatype has announced the results of its 2017 DevSecOps Community Survey which revealed that mature development organisations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale.

March 21, 2017 - IT Pro Portal

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.

March 22, 2017 - Businesses make automated security a part of DevOps

Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.


February 2, 2017 - A look at the top four venture capital recipients of 2016

Sonatype Inc., Vtesse Inc., NextCure and GrayBug LLC were the four companies that received the most venture capital funding in 2016.

February 1, 2017 - State of the Software Supply Chain

Thanks to Derek Weeks, V.P. and DevOps Advocate for Sonatype for sharing their second annual report on managing open source components to accelerate innovation. Following are the key findings of their research...

January 20, 2017 - Sonatype: 1 in 15 open source app components has at least one security vulnerability

Software supply chain automation company Sonatype is hanging out the flags to celebrate the fact that it has experienced a 300 percent growth in the use of its Nexus Repository over the past three years.

January 13, 2017 - Scanning JavaScript for vulnerabilities: How the impossible is now possible

JavaScript is everywhere, and it's awesome! But the world's most popular language can be riddled with problems if you aren't a careful programmer.

January 6, 2017 - Sonatype Takes on Container Governance

As usage of containers continues to proliferate across the enterprise there will be some natural shifting of management responsibility between developers and IT operations teams in many organizations. In fact, most developers will have a bare-minimum involvement in anything to do with IT governance.

December 15, 2016 - Code Reuse a Peril for Secure Software Development

The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It’s a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host.

December 8, 2016 - Sonatype Adds Container Inspection to Its Lifecycle Software

Sonatype, a company offering a kind of quality control for software components, has extended its reach into the container world.

November 28, 2016 - DevOps & agile software development

Today’s interview is with Matt Howard, executive vice president for Market Development at Sonatype.   His company helps federal software developers put together code quicker, cheaper, and in a more secure manner.

November 11, 2016 - Fancy 15 hours of DevOps

It's one thing logging onto a 15-hour online event covering the world of DevOps. It's quite another watching it live in the comfortable offices of one of the main sponsors, with complimentary food and drinks from morning until evening. Plus happy hour.

November 1, 2016 - Why software is no longer being written from scratch

Application developers are increasingly reliant on open source component parts because pre-fabricated components speed up innovation and save developers the time (and money) of having to write code from scratch.

October 21, 2016 - Sonatype Maps the JavaScript Genome for DevOps

Sonatype has mapped out the JavaScript genome to help organizations with high-velocity, automated development practices.

September 26, 2016 - What’s in your code? Why you need a software bill of materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.


September 21, 2016 - 14 DevOps Leaders Join Forces

CloudBees, Sonatype, GitHub, CA Technologies and 10 other IT solutions and service providers have announced that they are forming an alliance with the goal of making it easier for enterprises to adopt the software stack needed to implement DevOps in their organizations.

September 15, 2016 - Jenkins World: CloudBees, DevOps Express, the Blue Ocean project, and Undo’s Live Recorder

Fourteen DevOps technology leaders announced a new initiative to streamline DevOps adoption at this week’s Jenkins World. The new DevOps Express aims to help answer key questions such as where to start, what a typical DevOps stack looks like, how to learn from others, how to minimize risk, and how to ensure technologies will work together.

September 15, 2016 - 14 DevOps vendors link up to simplify enterprise adoption of 'best of breed' tools

DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.

September 14, 2016 - Sonatype and CloudBees launch the DevOps Express initiative

14 industry leaders have set themselves the goal of improving customer satisfaction with "battle-tested" native DevOps solutions.

August 19, 2016 - Derek Weeks: A closer look at software supply chain

The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where does all that code originate? The software supply chain. That's something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.


July 22, 2016 - Protecting the open source software supply chain

What: The 2016 State of the Software Supply Chain report from Sonatype, detailing the use of open source components in software. Why: Because 80 to 90 percent of today's software applications are assembled from component parts, increasingly open source ones, defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.


July 12, 2016 - Report: 1 in 16 Java Components Have Security Defects

Sonatype has just released its second annual report on managing open source components. The "2016 State of the Software Supply Chain" report is available now, and well worth reading.

July 11, 2016 - Enterprise software developers continue to use flawed code in apps

Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.


July 11, 2016 - Enterprise software developers continue to use flawed code in apps

The use of third-party code in enterprise software projects is growing fast, but the code used often has known flaws.

July 11, 2016 - Report: Enterprises more reliant on open source and third-party software components

The software supply chain is booming and enterprises are frequently turning to open source and third party software components to decrease the amount of code they have to write, which helps accelerate deployment cycles, according to Sonatype’s 2016 State of the Software Supply Chain report released Monday.

July 11, 2016 - Room for Application Security Improvement

Application security suffers from the indiscriminate use of open source software components, finds Sonatype research.

July 11, 2016 - The State of the Software Supply Chain report

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype. 

April 13, 2016 - Sonatype launches new Nexus Universal Repository Manager

Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types. Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. 

Feb 4, 2016 — Goldman Sachs Leads $30M Round in Sonatype

Goldman Sachs has led a $30 million investment in software developer Sonatype to help protect the quality of its open source software.

Feb 4, 2016 — Md.-based cyber firm picks up $30 million led by Goldman Sachs

Jackson said helping Goldman with its own software infrastructure led to the financing announced Thursday. If the institution hadn’t been a customer, he says, “they probably never would have found us.”

Feb 4, 2016 — Goldman Sachs Leads $30 Million Investment in Software Supply Chain Fixer

Don Duet, who co-leads the tech division at Goldman, cited the growing importance of open source code at his company as justification for the deal. “Today, open source components underpin a vast majority of our most mission-critical applications at the firm,” he said in a statement.

Feb 4, 2016 — Sonatype Snares $30 Million Investment Led By Goldman Sachs

Sonatype, a company that helps customers create automated, policy-driven software component security, announced a $30 million round today led by Goldman Sachs.

Dec 15, 2015 — Unwritten Rules of Hacking

Sonatype CTO Josh Corman is featured in a CNN Money news segment from DefCon 2015 in Las Vegas, discussing white hat hacking as a force for good.

Dec 14, 2015 — Safer Open Source Code Inside The Enterprise – Sonatype Nexus Firewall

Given this new proliferation of open source software components, we are starting to see automation controls come forward to help govern these essentially dynamic and constantly evolving code bases.

Nov 20, 2015 — Who let security into DevOps?

Josh Corman is featured in a series that covers DevOps and SecOps, and securing the Internet of Things.

Nov 13, 2015 — Thousands of Java applications vulnerable to nine-month-old remote code execution exploit

A popular Java library has a serious vulnerability, discovered over nine months ago, that continues to put thousands of Java applications and servers at risk of remote code execution attacks.

Nov 13, 2015 — Twistlock Partners with Sonatype on Container Security

Twistlock have also partnered with Sonatype in order to help developers keep vulnerabilities out of the ‘left hand side’ of the image creation process.

Aug 18, 2015 — All the cyberattacks on the U.S. government (that we know of)

Federal agencies have suffered at least a dozen major data breaches or network intrusions since 2007. What's troubling is, experts say these are high-tech attacks trending toward an old-fashioned end: Espionage.

Aug 14, 2015 — Sonatype CTO, Josh Corman, interviewed on Fox Business News about a recent Verizon phone bill hack.

Sonatype CTO, Josh Corman, is interviewed on Fox Business News about cyber security and recent hacks on vehicles, medical devices and now a Verizon phone bill with a $117,000 charge.

Aug 12, 2015 — CNBC Interview with Sonatype CTO, Josh Corman, about cyber security

CNBC interviews Sonatype CTO, Josh Corman, about a suspected Russian attack on the Pentagon with a discussion about the broader implications of cyber security.

Jul 20, 2015 — When Good Code Goes Bad

Unlike other industries that rely on supply from other organizations, software development has no clear way to understand when an open source or proprietary component 'part' is found to be defective.

Jun 23, 2015 — Programmers are copying security flaws into your software, researchers warn

Programmers -- the people who create the software -- don't write all their code from scratch, instead borrowing freely from others' work. The problem: they're not vetting the code for security problems.

Jun 16, 2015 — Software Applications Have on Average 24 Vulnerabilities Inherited from Buggy Components

Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.

Jun 1, 2015 — Sonatype Facilitates DevOps Approach to App Dev

Applications are rarely built from scratch today, but rather tend to leverage myriad tools and libraries as organizations increasingly move to a rapid deployment DevOps style of IT.

May 18, 2015 — Learning by Example: What software developers can learn from Toyota about supply chains

Software developers can learn a lot from the example of car manufacturing. Both stand to benefit from reducing the complexity in their supply chains and gaining more control over the parts they use.

Jan 23, 2015 — Growing Open Source Use Heightens Enterprise Security Risks

The data breaches disclosed earlier this month at Park ‘N Fly and OneStopParking.com, two major airport parking services, highlight the continuing risk that enterprises face from using open-source software in their environments without a plan for managing it.

Jan 21, 2015 — How secure are your open source-based systems?

The Cyber Supply Chain and Transparency Act of 2014 requires any supplier of software to the federal government to identify which third-party and open source components are used and verify that they do not include known vulnerabilities for which a less vulnerable alternative is available.