The Sonatype Newsroom

Featured News and Stories

April 29, 2025

Sonatype Expands Enterprise Protection Against Open Source Malware

New features help developers and security teams block risk early, from open source packages to AI models and containers

The hidden perils of open source in the era of AI

TechStrong

February 5, 2025

How attackers became the protagonists of the software supply chain

Forbes

January 31, 2025

Press Releases

See All Press Releases

Sonatype Threat Research

We have 65 researchers — pulling unique insights first.

Sonatype’s world-class Security Research team leads the market in identifying and analyzing threats within the open source ecosystem. With a combination of automated intelligence, expert analysis, and secondary expansion, the team uncovers new forms of open source malware, software supply chain attacks, and emerging vulnerabilities. From in-depth reports to real-time threat detection, Sonatype Security Research powers the insights that keep our customers ahead of adversaries and sets the standard for trust in software development.

Learn More

In the News

See All Media

10th Annual State of the Software Supply Chain Report

Sonatype was the first to share year-over-year analyses of open source consumption and threat data. For over a decade, the State of the Software Supply Chain® Report has provided developers and security teams with insights into trends, risks, and threats related to open source software — ultimately helping them better understand and manage their software supply chains.

Learn More

2008

year founded in Fulton, Maryland

600+

employees from 50 countries and 15 languages

2,000+

organizations supported, including 70% of Fortune 100

15 million

developers rely on Sonatype

Fulton, MD

headquarters

Maven Central

stewards

Logos

Access our collection of approved corporate logos and brand guidelines for use. Download

Leadership

Find high-resolution photos of our fearless innovators on the executive team. Download

Product

Find individual logos for products within the Sonatype Platform. Download

Featured News and Stories

Sonatype Expands Enterprise Protection Against Open Source Malware

The hidden perils of open source in the era of AI

How attackers became the protagonists of the software supply chain

10th Annual State of the Software Supply Chain Report

Press Kit

Subscribe for all the latest software security news and events

The Sonatype Newsroom

Featured News and Stories

Sonatype Expands Enterprise Protection Against Open Source Malware

The hidden perils of open source in the era of AI

How attackers became the protagonists of the software supply chain

Press Releases

Sonatype Expands Enterprise Protection Against Open Source Malware

Nearly 18,000 New Malicious Packages Discovered in Q1 According to Sonatype Open Source Malware Index

Sonatype Supports Secure Development in Rust

Sonatype Unveils Industry-First AI Software Composition Analysis (SCA) to Power AI-Driven Innovation

Open Source Malware Reaches More Than 778,500 Packages, According to Sonatype Researchers

Sonatype Announces Integration with Buy with AWS, Offering Simplified Procurement for AWS Customers on Marketplace

Sonatype Threat Research

We have 65 researchers — pulling unique insights first.

Open Source Malware Index Q1 2025: Data exfil threats rising sharply

2024 in Open Source Malware Report

In the News

The hidden perils of open source in the era of AI

Tetragon: Extending eBPF and Cilium to runtime security

How attackers became the protagonists of the software supply chain

Cyber insights 2025: Social engineering gets AI wings

Python administrator moves to improve software security

EU, U.S. at odds on AI safety regulations

10th Annual State of the Software Supply Chain Report

Press Kit

Subscribe for all the latest software security news and events