Sonatype Introduces Next Generation Dependency Management | Press Release

Press Releases

The latest scoop on Sonatype.

Adaptavist Offers Enterprise DevSecOps Solution With Sonatype Partnership

LONDON – December 01, 2020 -- Adaptavist, a digital transformation leader, today announced it has joined the Sonatype partner programme as a Platinum Enterprise Partner. The strategic partnership allows Adaptavist to offer improved application development security features to accelerate enterprise companies’ go-to-market plans.

Sonatype and Fugue Partner to Shift Cloud Security Left and Ensure Continuous Policy Compliance

Innovative solution empowers developers to deliver secure applications and automatically help them configure secure and policy compliant cloud infrastructure

Fulton, MD and Frederick, MD – Thursday, Nov. 12, 2020 - Sonatype, the leading provider of innovation-friendly open source security tools, today announced a strategic partnership with Fugue, the company putting engineers in command of cloud security, to deliver the first infrastructure-as-code (IaC) solution that shifts cloud security left into the developer workflow. The partnership further advances the missions of Sonatype and Fugue to empower software developers with best-in-class tools so they can accelerate innovation and simultaneously improve application security, cloud infrastructure security, and continuous compliance with defined policy.

Tidelift Delivers Open Source Vulnerability Data to Subscribers with Sonatype

New Integration Provides Additional Open Source Vulnerability Identification and Remediation Capabilities to Tidelift Customers

BOSTON, Mass. – October 29, 2020 - Tidelift, the largest provider of commercial support and maintenance for the community-led open source behind modern applications, and Sonatype, a leading provider of open source intelligence, today announced that Tidelift has integrated Sonatype’s OSS Index data into the Tidelift Subscription to help developers more quickly identify and remediate security vulnerabilities in open source packages and libraries managed by Tidelift.

Sonatype Delivers Hardened Nexus Platform to DoD’s Platform One, Helps Accelerate Digital Innovation Across Federal Agencies

Nexus Lifecycle and Nexus Repository Now Meet Rigid Security and Compliance Standards Set by the United States Department of Defense

Fulton, MD – Thursday, Oct. 8, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced Nexus Lifecycle and Nexus Repository have been accepted into the Department of Defense’s (DoD) Platform One approved application portal. A fortified version of the Nexus Platform was released that meets DoD specifications for security - one of the most demanding certifications. 

Sonatype Introduces Next Generation Dependency Management for Software Developers

Advanced Development Pack harnesses first-of-its-kind intelligence to help teams improve code quality, minimize breaking changes, and integrate next-gen security  

Fulton, MD – Wednesday, Oct. 7, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today unveils its breakthrough Advanced Development Pack that fundamentally changes how teams manage code dependencies. Designed after studying development and cybersecurity hygiene practices across 30,000 software teams, this new offering, available to Nexus Lifecycle customers, ensures developers select the highest quality OSS components that are used to build 90% of a modern application.

Sonatype and NeuVector Partner to Centralize Container and Open Source Security

New Integration Provides Enterprise-Grade Policy Control for Containers Directly in Nexus Lifecycle

Fulton, MD – Wednesday, Sept. 16, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place. 

2020 State of the Software Supply Chain Report Released; Sonatype Reveals New Speed and Security Benchmarks

Study shows high performance engineering teams release 15x more often and remediate open source vulnerabilities 26x faster

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report.

Sonatype’s 2020 State of the Software Supply Chain Report Finds 430% Increase in Next Generation Open Source Cyber Attacks

Study also finds 51% of organizations require more than a week to remediate new zero day vulnerabilities

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report. This year’s report found a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains.  

One in Six Developers in Healthcare Industry Report Open Source Software Breaches, Sonatype Finds

Nearly One-Third of Happy Coders Say Security is a Top Concern, Showing Desire for Change in the Industry

Fulton, MD – June 4, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published Healthcare industry-specific findings from its seventh annual DevSecOps Community Survey. The survey pulls back the curtain on successful DevSecOps practices and secure coding, and highlights trends in different verticals, including Healthcare.

Sonatype Finds Links Between Leading DevSecOps Practices and Happy Developers Within the Financial Services Industry

Mature Practices are 3.3 Times More Likely to Prioritize Application Security and 1.2 Times More Likely to Enjoy Their Work

Fulton, MD – June 4, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published the Financial Services industry findings from its seventh annual DevSecOps Community Survey. The data look at DevOps practices in financial services and reveal connections between organizations’ adoption of DevOps practices, developer happiness and secure development.