The Sonatype newsroom
Learn the latest about Sonatype. Explore our announcements, press coverage, brand assets, and more.
Press releases
News and Views
Generative AI Adoption Surges in Software Development Despite Security Risks, Sonatype Research Finds
September 12, 2023
News and Views
Sonatype Drives Intelligent Software Security with New Product Enhancements
August 21, 2023
News and Views
Biden’s Cybersecurity Executive Order fuels seismic changes in software development practices, Sonatype research reveals
August 3, 2023
News and Views
Rashida Hodge Joins Sonatype's Board of Directors, Bringing Innovative Leadership and AI Expertise
July 13, 2023
News and Views
Sonatype Repository Firewall Has Prevented More Than $1.5B in Losses from Malicious Attacks
June 20, 2023
News and Views
Sonatype Named a Leader in Software Composition Analysis (SCA) by Independent Research Firm
June 15, 2023
News and Views
Sonatype Named to 2023 Gartner® Magic Quadrant™ for Application Security Testing
May 23, 2023
News and Views
Sonatype Advances Software Supply Chain Management with New Platform Enhancements
April 25, 2023
News and Views
Sonatype Launches New Partner Acceleration Program to Help Partners Scale and Secure their Customers’ Software Supply Chains
April 3, 2023
News and Views
Sonatype Launches Industry's First ‘Run Anywhere’ Platform for Software Supply Chain Management
February 1, 2023
News and Views
Commerzbank AG, ABN Amro Bank NV, Instinet, and Fiserv Win 2022 Sonatype Elevate Awards
December 8, 2022
News and Views
Sonatype Wins Multiple Awards for Product Excellence and Innovation
November 3, 2022
News and Views
Sonatype and CyberRes Fortify Expand Partnership to Provide Complete Application Security Solution
October 26, 2022
News and Views
Sonatype’s 8th Annual State of the Software Supply Chain Report Finds 96% of Known-Vulnerable Open Source Downloads Are Avoidable
October 18, 2022
News and Views
Sonatype and Cloud Native Computing Foundation Partner to Improve Open Source Security and Raise $50,000 in Diversity Scholarships
October 6, 2022
News and Views
Sonatype Finds 700% Average Increase in Open Source Supply Chain Attacks
September 20, 2022
News and Views
Sonatype Collaborates with Red Hat to Deliver Speed, Security Features and Enhanced Visibility to the Modern Software Factory
August 30, 2022
News and Views
Sonatype Names Mitchell Johnson as Chief Product Development Officer
August 25, 2022
News and Views
Sonatype Achieves Record Growth, Expands Leadership Team with New Board Member and CRO
July 20, 2022
Nexus Lifecycle, Product
Sonatype Enables Engineering Teams to Take Control of InnerSource Components With First-Of-Its-Kind Feature
May 11, 2022
Default
Sonatype Sets Record First Quarter With 62% Increase in YOY Bookings, 95% Renewal Rate, as Software Supply Chain Management Needs Continue to Surge
April 19, 2022
News and Views, Corporate Momentum
Sonatype Exceeds $100M in ARR, Names First President as Demand for Software Supply Chain Management Soars
January 27, 2022
Log4j
Critical Log4j Vulnerability Still Being Downloaded 40% of the Time, Sonatype Research Reveals in New Resource Center
December 22, 2021
News and Views
Sonatype Expands Support for Open Source Communities with Key Partnerships
October 5, 2021
State of the Software Supply Chain
Open Source Continues to Fuel Digital Transformation, Sonatype's 2021 Software Supply Chain Report Reveals Important Trends
September 15, 2021
Product, Sonatype Lift
Sonatype Launches Novel Deep Code Analysis Platform Designed for Developers
June 15, 2021
News and Views, partners
Amazic Announces New Partnership With Sonatype to Bring More Enterprises Developer-Friendly, Full-Spectrum Software Supply Chain Automation and Security
June 10, 2021
News and Views, Product
Sonatype Embraces CycloneDX Standard for Integrating Software Bills of Materials (SBOMs)
May 13, 2021
Nexus Lifecycle, Product
Sonatype Helps Organizations Manage Open Source License Obligations and Speed up Legal Compliance with New Tool
May 4, 2021
Default
Sonatype’s Channel Partner Program Experiences Triple Digital Growth in EMEA For the Second Year Running
March 30, 2021
News and Views, Product
Sonatype Unveils Full-Spectrum Software Supply Chain Management Platform
March 16, 2021
News and Views, Product, infrastructure as code
Sonatype Adds Infrastructure as Code Security and Compliance
March 16, 2021
Container Security, News and Views, Product
Sonatype Adds Cloud-Native Container and Kubernetes Security for Developers
March 16, 2021
News and Views, partners
Russian Enterprises Turn to Swordfish Security and Sonatype to Combat Risk Associate With Open Source
February 25, 2021
News and Views, partners
Bahwan CyberTek Partners With Sonatype to Mitigate Security Vulnerabilities in Open Source Software
February 18, 2021
News and Views, CapOne
Sonatype Partners With SVA System Vertrieb Alexander GmbH to Help Enterprises Mitigate Risk and Build Software More Securely
January 19, 2021
News and Views, partners
Cigniti Technologies Announces Partnership With Sonatype, Extends AppSec Offering With Best-In-Class Software Composition Analysis
January 6, 2021
partners
Eficode Bolsters Partnership With Sonatype, Extends Best-In-Class Software Composition Analysis With Hosted Solutions
December 10, 2020
News and Views
Sonatype Strengthens Leadership Team With New Chief Revenue Officer; Prepares for Global Expansion
December 8, 2020
partners
Adaptavist Offers Enterprise DevSecOps Solution With Sonatype Partnership
December 1, 2020
Product, infrastructure as code, Fugue
Sonatype and Fugue Partner to Shift Cloud Security Left and Ensure Continuous Policy Compliance
November 12, 2020
oss index, partners
Tidelift Delivers Open Source Vulnerability Data to Subscribers with Sonatype
October 29, 2020
government, Product
Sonatype Delivers Hardened Nexus Platform to DoD’s Platform One, Helps Accelerate Digital Innovation Across Federal Agencies
October 8, 2020
Nexus Lifecycle, Product
Sonatype Introduces Next Generation Dependency Management for Software Developers
October 7, 2020
container, News and Views, Product, NeuVector
Sonatype and NeuVector Partner to Centralize Container and Open Source Security
September 16, 2020
News and Views, 2020 Software Supply Chain Report
2020 State of the Software Supply Chain Report Released; Sonatype Reveals New Speed and Security Benchmarks
August 12, 2020
News and Views, 2020 Software Supply Chain Report
Sonatype’s 2020 State of the Software Supply Chain Report Finds 430% Increase in Next Generation Open Source Cyber Attacks
August 12, 2020
Report/Survey/Whitepaper releases, 2020 DevSecOps Community Survey, healthcare industry
One in Six Developers in Healthcare Industry Report Open Source Software Breaches, Sonatype Finds
June 4, 2020
Report/Survey/Whitepaper releases, 2020 DevSecOps Community Survey, financial services industry
Sonatype Finds Links Between Leading DevSecOps Practices and Happy Developers Within the Financial Services Industry
June 4, 2020
government, DevSecOps in Government, Report/Survey/Whitepaper releases, 2020 DevSecOps Community Survey
Sonatype Survey Finds DevSecOps is a Top Priority in Government
June 4, 2020
Report/Survey/Whitepaper releases, 2020 DevSecOps Community Survey, technology sector
Sonatype Finds Tech Companies Are Peak DevSecOps Performers
June 4, 2020
atlassian, integrations, Product
Sonatype’s Nexus Platform Offers Three New DevOps Integrations for Atlassian
June 2, 2020
The Central Repository, Central, Maven, Report/Survey/Whitepaper releases, COVID-19
Software Development in the UK Falls 28% in Wake of COVID-19, Sonatype Research Reveals
May 21, 2020
Sonatype, Sonatypers
Sonatype Expands Executive Team With Cybersecurity and Open Source Experts
May 14, 2020
Nexus Lifecycle, Nexus Firewall, Bower, Nexus Platform, Product, CocoaPods, Conda, C/C++, PHP, Cargo, Alpine, Composer, CRAN, Drupal
Sonatype Further Expands Coverage of Nexus Platform
May 13, 2020
all day dev ops, 2020 All Day DevOps
Sonatype Collaborates With All Day DevOps to Connect More Than 6,000 IT Pros Working From Home During the COVID-19 Pandemic
April 16, 2020
2020 DevSecOps Community Survey
Sonatype Finds Mature DevSecOps Practices Lead to Happier Developers, More Secure Code
April 7, 2020
Ruby Gems language, Nexus Platform, Product, C/C++, PHP
Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP and Ruby
March 12, 2020
awards, Product
Sonatype Channel Partner Program Sees Triple Digit Growth in EMEA
March 5, 2020
Nexus Lifecycle, npm, Javascript, Product
Sonatype Overhauls JavaScript Scanning; Provides npm Automated Pull Requests and More Free Developer Tools
March 3, 2020
Nexus Repository, Product, Helm
Sonatype Streamlines Deployment for Millions of Developers Using Kubernetes, Adds Native Helm Support to Nexus Repository
February 24, 2020
News and Views
Eficode and Sonatype Partner to Secure the Software Supply Chain for Modern Enterprise Organisations
November 27, 2019
devsecops, Container Security, Product
Sonatype Fully Automates Container Security
November 25, 2019
News and Views, Corporate Momentum
Vista Equity Partners Acquires Majority Interest in DevOps Leader Sonatype
November 18, 2019
all day devops, News and Views
Sonatype Partners With All Day DevOps to Help Educate More Than 36,000 IT Professionals
November 5, 2019
Product, CocoaPods, Conda
Sonatype’s Nexus Repository Manager Expands OSS Coverage, Sees 40% YoY User Growth
October 25, 2019
open source intelligence, Product, embedded malicious code, malware prevention
Sonatype Delivers First of its Kind, Automated Malware Prevention for Open Source Libraries
September 24, 2019
Product
Micro Focus Bolsters Strategic Partnership With Sonatype, Brings Best-In-Class Open Source Security to All Fortify Customers
September 10, 2019
Nexus Lifecycle, Nexus Firewall, Nexus Repository, Nexus Platform, Product, Golang, Go
Sonatype Goes Long With Go: Delivers Fully Automated Security Solution for Fast Growing Programming Language
July 24, 2019
devsecops, 2019 State of the Software Supply Chain Report, secure coding
2019 State of the Software Supply Chain Report Reveals Best Practices From 36,000 Open Source Software Development Teams
June 25, 2019
Devops, devsecops, Nexus User Conference
Sonatype’s Nexus User Conference to Bring 2,000 DevSecOps Leaders Together for Free, Live Streamed Event
June 10, 2019
Red Hat, Container Security, Quay
Sonatype Debuts New Capabilities for Red Hat Quay, Offers Users Continuous Container Security for Open Source
May 7, 2019
News and Views, best workplace
Sonatype Named on Best Workplace Lists by Both Washingtonian Magazine and Battery Ventures
April 29, 2019
Everything Open Source, The Central Repository, Open Source, Central Security Project, CSP
Sonatype and HackerOne Team Up to Make Open Source Safer
March 21, 2019
devsecops, Devops maturity, DevSecOps Community Survey
5,558 IT Professionals Reveal Patterns of Elite DevSecOps Practices
March 4, 2019
artifactory, Nexus Firewall, Product
Sonatype’s Nexus Firewall Now Protects JFrog Artifactory
February 28, 2019
Everything Open Source, Product, Kenna Security
Kenna Security and Sonatype Partner to Enhance Risk-Based Vulnerability Management with Open Source Intelligence
February 26, 2019
Nexus Lifecycle, python, PyPI, open source intelligence
Sonatype Adds End-to-End Security for PyPI Packages
February 6, 2019
equifax, automated open source governance
Sonatype Selected by Equifax to Support Open Source Governance & Security
January 29, 2019
Forrester, Nexus Platform, TEI
Total Economic Impact Study on Sonatype’s Nexus Platform Reveals 232% ROI and 20% Reduction in Risk of Breach
January 29, 2019
Forrester, Software composition analysis, News and Views
Sonatype Recognized as Leading Provider of Software Composition Analysis by Independent Research Firm
January 25, 2019
Sonatype Nexus, devsecops, sonatype momentum, open source intelligence
Sonatype Expands its Executive Team Following an Outstanding 2018
January 8, 2019
sonatype momentum, software supply chain governance, sonatype awards
Sonatype Named to Deloitte’s 2018 Technology Fast 500™, Recognized as One of the Fastest Growing Companies in North America
November 16, 2018
2018 All Day DevOps, devops conferences
Sonatype Partners With All Day DevOps to Educate More Than 1 Million People Through an Expanded 2018 Program
October 15, 2018
AppSec, Application Security, Fortify, automated open source governance, micro focus
Micro Focus Extends Partnership with Sonatype to Bring Best-In-Class Open Source Security to all Fortify Customers
September 25, 2018
open source development, State of the Software Supply Chain, devops, 2018 State of the Software Supply Chain, ssc
Sonatype’s 2018 State of the Software Supply Chain Report Reveals Use of Vulnerable Open Source Increased 120%, Despite Equifax Breach
September 25, 2018
github, devsecops, oss index, DepShield
Sonatype Launches DepShield App to Democratize Open Source Governance
August 30, 2018
Javascript, devsecops, secure by design
Sonatype’s Latest Nexus Intelligence Shines a Light on Hidden JavaScript Vulnerabilities and Empowers Developers With Actionable Insights
August 29, 2018
Default
Sonatype Launches New and Enhanced Open Source Software Index, Delivering Free Open Source Vulnerability Data to Millions of Developers
July 25, 2018
Default
Wayne Jackson, CEO of Sonatype, Named EY Entrepreneur Of The Year® 2018 in the Mid-Atlantic Region
July 23, 2018
In the news

Media Hit
You don’t have to go through hell managing software dependencies
techradar
March 13, 2023

Media Hit
What the National Cybersecurity Strategy means for software providers
SD Times
March 3, 2023

Media Hit
14 Smart Strategies For Establishing A Secure Software Supply Chain
Forbes
February 24, 2023

Media Hit
Sonatype BOM Doctor Evaluates and Helps Patch Java Software Bills of Materials
InfoQ
February 13, 2023

Media Hit
A Year Later, That Brutal Log4j Vulnerability Is Still Lurking
Wired
December 10, 2022

Media Hit
Report: 96% of vulnerable open-source downloads are avoidable
VentureBeat
November 25, 2022
Media Hit
How technology can help redraw the supply chain map
Financial Times
November 22, 2022

Media Hit
Security pros breathe sigh of relief after new OpenSSL flaws less severe than feared
protocol
November 1, 2022

Media Hit
3 trillion open source downloads, a 633% rise in malicious activity -- and a worrying sense of security
The Stack
October 18, 2022

Media Hit
Production-ready SBOMs, Sonatype & Red Hat align for slicker software factories
ComputerWeekly.com
August 31, 2022
Media Hit
Protestware on the rise: Why developers are sabotaging their own code
Tech Crunch
July 27, 2022

Media Hit
Digital supply chains: the latest target for cyber attacks
Raconteur
May 5, 2022


Media Hit
Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security
DARK Reading
March 2, 2022

Media Hit
Two Months On, Many Developers Are Still Downloading Flawed Log4j Tool
Wall Street Journal
February 10, 2022

Media Hit
Sonatype, which secures open source code, lays groundwork for IPO
VentureBeat
January 27, 2022

Media Hit
March 16, 2021 - Sonatype acquires MuseDev, expands Nexus code analysis platform
Venture Beat
March 16, 2021


Media Hit
December 31, 2020 - For CIOs, There’s No Place Like Home (Office)
December 31, 2020

Media Hit
December 23, 2020 - CIOs Expect Tech Investments to Climb in 2021
December 23, 2020

Media Hit
December 18, 2020 - SolarWinds, the World’s Biggest Security Failure and Open Source’s Better Answer
December 18, 2020

Media Hit
December 09, 2020 - The future of DevOps: 21 predictions for 2021
December 9, 2020

Media Hit
October 13, 2020 - Sonatype: what dependency management did next (generation)
October 13, 2020

Media Hit
October 07, 2020 - Sonatype Advances Open Source Code Quality, Security
October 7, 2020

Media Hit
October 07, 2020 - Sonatype helps development teams handle code dependencies
October 7, 2020

Media Hit
October 06, 2020 - Open source security: Malicious NPM packages broadcast sensitive user data online
October 6, 2020

Media Hit
October 06, 2020 - Four npm packages found uploading user details on a GitHub page
October 5, 2020

Media Hit
October 01, 2020 - Sonatype Finds 'Typosquatting' Packages in npm
October 1, 2020


Media Hit
August 13, 2020 - The state of application security: What the statistics tell us
August 13, 2020


Media Hit
August 12, 2020 - Report: A 430% increase in next-generation supply chain attacks in last year
August 12, 2020


Media Hit
August 12, 2020 - ‘Open Season on Open Source,’ Supply Chain Survey Warns
August 12, 2020

Media Hit
August 12, 2020 - Upstream attacks on open source ecosystem up 400% as criminals seek to compromise applications at scale
August 12, 2020

Media Hit
July 29, 2020 - Sonatype ranks sixth on Fast Company’s Best Workplaces for Innovators
July 29, 2020


Media Hit
June 25, 2020 - Second Annual Cybersecurity Impact Awards Announces Honorees
June 25, 2020

Media Hit
June 19, 2020 - Interview: Sonatype’s Brian Fox on open source security and ‘drama-free’ DevSecOps
June 16, 2020

Media Hit
June 3, 2020 - Sonatype’s Nexus Platform Offers Three New DevOps Integrations for Atlassian
June 3, 2020

Media Hit
June 1, 2020 - Octopus Scanner malware infected GitHub repositories & developers’ devices
June 1, 2020

Media Hit
June 1, 2020 - How Octopus Scanner malware attacked the open source supply chain
June 1, 2020


Media Hit
May 21, 2020 - Productivity and WFH: Developers slow to bounce back worldwide as lockdown lifts
May 21, 2020

Media Hit
May 20, 2020 - Five Reasons Happy Developers Build in Better Security
May 20, 2020

Media Hit
May 20, 2020 - 16 cybersecurity startups that are promising even in a down economy
May 20, 2020



Media Hit
April 10, 2020 - The New Stack Context: The Secret of Successful DevSecOps Shops
April 10, 2020


Media Hit
April 7, 2020 - Happy Devs like DevOps, but not necessarily managers, other Devs…
April 7, 2020

Media Hit
April 7, 2020 - DevSecOps Survey: You need happy developers to build secure software
April 7, 2020

Media Hit
March 27, 2020 - Open Source Developers Are Security’s New Front Line
March 27, 2020

Media Hit
March 16, 2020 - Microsoft's GitHub absorbs NPM into its code-hosting empire
March 16, 2020

Media Hit
March 16, 2020 - GitHub's NPM Acquisition Will Boost JavaScript Security
March 16, 2020

Media Hit
March 9, 2020 - Cloud And Open Source Can Reinvent Tech Conferences In The COVID-19 (And Carbon-Negative) Era
March 9, 2020

Media Hit
February 10, 2020 - What Is DevSecOps and How to Enable It on Your SDLC?
February 10, 2020

Media Hit
February 5, 2020 - Who's leading in DevOps? Click here to see the shortlist for DevOps Excellence 2020
February 5, 2020

Media Hit
January 27, 2020 - New IoT Security Regulations: The Devil’s in the Details
January 27, 2020

Media Hit
January 27, 2020 - Facebook's Nick Clegg claims Whatsapp messages “cannot be hacked"
January 27, 2020


Media Hit
November 26, 2019 - Open Source Code Security and Your Enterprise
November 26, 2019

Media Hit
November 12, 2019 - Sonatype Delivers Premium Open Source Controls to GitHub Users
November 12, 2019

Media Hit
November 12, 2019 - Deloitte's Fast 500 list includes 10 Maryland tech companies
November 8, 2019

Media Hit
November 5, 2019 - Developers, The Enterprise, and Open Source Security
November 5, 2019

Media Hit
October 24, 2019 - Sonatype Nexus Lifecycle and WhiteSource: Buyer's guide and reviews October 2019
October 24, 2019

Media Hit
October 18, 2019 - Arm joins forces with UK government in “significant milestone” in designing out cyber threats
October 18, 2019

Media Hit
October 14, 2019 - 5 practical ways your organization can benefit from DevSecOps
October 14, 2019

Media Hit
October 16, 2019 - Open Source Vulnerabilities Cut Across Sectors
October 9, 2019

Media Hit
October 9, 2019 - Application Security: Why Open Source Components Matter
October 9, 2019

Media Hit
October 8, 2019 - Why we need a true measure of application security health
October 8, 2019


Media Hit
October 3, 2019 - Tech Titans 2019: Washington’s Top Tech Leaders
October 3, 2019

Media Hit
October 2, 2019 - DevOps 100: Top leaders, practitioners, experts to follow
October 2, 2019

Media Hit
October 2, 2019 - Northern Virginia Technology Council Announces 2019 Capital Cyber Award Winners
October 2, 2019

Media Hit
October 1, 2019 - Amazon Promotes 'Extremely Creepy' Security Cameras That Can Be Easily Hacked To Spy on You
October 1, 2019

Media Hit
October 1, 2019 - Amazon Promoted Webcams Vulnerable To Hackers, Warns Which?
October 1, 2019

Media Hit
September 28, 2019 - How To Install Latest Sonatype Nexus 3 on Linux
September 28, 2019

Media Hit
September 26, 2019 - Sonatype builds automated malware prevention for open-source libraries
September 26, 2019

Media Hit
September 25, 2019 - Growjo Launches Fastest Growing Washington DC Companies Award For 2019
September 25, 2019

Media Hit
September 6, 2019 - What are open-source operating systems? Everything you need to know
September 6, 2019


Media Hit
August 22, 2019 - Here's what Elon Musk, Richard Branson, and 53 other successful people ask job candidates during interviews
August 22, 2019

Media Hit
August 21, 2019 - Veristor and Forty8Fifty Labs Partner with Sonatype on Development and Delivery of Open Source Governance
August 21, 2019


Media Hit
July 29, 2019 - 5 ways to shift your app sec team's focus to the supply chain
July 29, 2019

Media Hit
July 18, 2019 - 2019 State of the Software Supply Chain Report: 5 key takeaways
July 18, 2019

Media Hit
July 5, 2019 - State of the Software Supply Chain: Secure Coding Takes Spotlight
July 5, 2019



Media Hit
June 27, 2019 - Amid Supply Chain Concerns, is Open Source Software Secure?
June 27, 2019

Media Hit
June 26, 2019 - Good news, bad news in new open source software report
June 26, 2019

Media Hit
June 26, 2019 - Report: Code Responsible for Equifax Breach Downloaded 21 Million Times Last Year
June 26, 2019

Media Hit
June 25, 2019 - Report: Not all open-source software is created equal
June 25, 2019

Media Hit
June 25, 2019 - State of the Software Supply Chain Report 2019: Best Practices für Open-Source-Entwickler
June 25, 2019

Media Hit
June 25, 2019 - UK Firms Riddled With Vulnerable Open Source Software
June 25, 2019

Media Hit
June 25, 2019 - Vulnerable software components widely used by enterprises
June 25, 2019

Media Hit
May 30, 2019 - Open Source Security - How to Defend at the Speed of Attack
May 30, 2019

Media Hit
May 25, 2019 - GDPR one year on -- what have we learned and what happens next?
May 25, 2019
Press kit
Access some basic statistics, descriptions, and brand assets you may find helpful when writing about Sonatype.
2008
year founded in Fulton, Maryland
600+
employees from 50 countries and 15 languages
2,000+
organizations supported, including 70% of Fortune 100
15 million
developers rely on Sonatype
Fulton, MD
headquarters
Maven Central
stewards