
Press Releases

The latest scoop on Sonatype.


Sonatype and HackerOne Team Up to Make Open Source Safer

Pioneering program makes reporting open source vulnerabilities easier than ever

Fulton, Md. – March 21, 2019 – Sonatype, the inventors of software supply chain management, today announced a partnership with HackerOne, the leading hacker-powered security platform, to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components.

5,558 IT Professionals Reveal Patterns of Elite DevSecOps Practices

2019 DevSecOps Community Survey shows mature programs are 700% more likely to automate security, as adversaries accelerate pace

SAN FRANCISCO – RSA Conference – March 4, 2019 – Sonatype, the inventors of software supply chain automation, today published findings from its 6th annual DevSecOps Community Survey of 5,558 IT professionals, making it the largest DevSecOps survey ever conducted. The survey, developed in partnership with CloudBees, Carnegie Mellon’s Software Engineering Institute, Signal Sciences, 9th Bit, and Twistlock, unveiled a new portrait of what organizations with elite DevSecOps programs look like in the face of accelerating attacks from bad actors.

Sonatype’s Nexus Firewall Now Protects JFrog Artifactory

World’s First Application Security Solution that Universally Protects DevOps Pipelines from Vulnerable Open Source Components

Fulton, MD – February 28, 2019 – Sonatype, the inventors of software supply chain management, announced today that Nexus Firewall is now available to JFrog customers to automatically stop vulnerable open source components from entering Artifactory Repository Managers.

Kenna Security and Sonatype Partner to Enhance Risk-Based Vulnerability Management with Open Source Intelligence

New relationship underscores the need for enterprises to manage open source risk as part of an integrated and comprehensive security program

SAN FRANCISCO, Calif. and FULTON, Md. – February 26, 2019 – Today, Sonatype, the leader in automated open source governance, and Kenna Security, a leader in predictive cyber risk, announced a strategic partnership to enhance the risk-based vulnerability management strategies of modern enterprises with best-in-class intelligence on open source components.

Sonatype Adds End-to-End Security for PyPI Packages

Fulton, MD – February 6, 2019 – Today, Sonatype, the leader in automated open source governance, released a new version of its Nexus Lifecycle product giving Python development teams a simple way to manage PyPI packages and eliminate potential security risk lurking within third-party dependencies.

Sonatype Selected by Equifax to Support Open Source Governance & Security

Fulton, MD – January 29, 2019 – Sonatype, the leader in automated open source governance and application security, today announced that Equifax Inc. (NYSE: EFX) has selected Sonatype’s Nexus platform to intelligently manage and monitor the use of open source libraries across its application portfolio. The selection was made following a competitive review.

Total Economic Impact Study on Sonatype’s Nexus Platform Reveals 232% ROI and 20% Reduction in Risk of Breach

New independent study finds Sonatype’s products save $14,000 per developer per year when improving secure coding practices

FULTON, MD – Jan 29, 2019 – Sonatype, the leader in automated open source governance, announced the release of The Total Economic Impact™ Of The Sonatype Nexus Platform, a commissioned study conducted by research firm Forrester Consulting. In the study, Forrester found that organizations using the Nexus Platform received an average 232% return on their investment over three years and achieved a net benefit in under 12 months due to increased developer productivity, decreased risk of breaches, and time saved by security and compliance staff.

Sonatype Recognized as Leading Provider of Software Composition Analysis by Independent Research Firm

New report highlights insights about software composition analysis (SCA) vendors, as the need for automated Application Security increases exponentially

FULTON, MD – Jan 25, 2019 – Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition Analysis, Q1 2019 report. According to Forrester, the report was developed to help security professionals understand the value of, and increasing need for, SCA, as well as the types of programs and strategies that various vendors provide, based on size and functionality.

Sonatype Expands its Executive Team Following an Outstanding 2018

Company increases new business by 67% in 2018, adds new leadership to accelerate global expansion and product innovation, with a people-first approach

FULTON, MD – Jan 08, 2019 – Sonatype, the leader in automated open source governance, today announced an expanded senior management team with the appointments of Kristin Davidson to Vice President of Human Resources, Tyler Shields to Vice President of Strategy and Business Development, and the promotion of Dalton Menhall to Vice President of Sales – The Americas. All three bring decades of experience to crucial business functions, helping to accelerate Sonatype’s already rapid growth and pace of innovation.

Sonatype Named to Deloitte’s 2018 Technology Fast 500™, Recognized as One of the Fastest Growing Companies in North America

FULTON, MD – November 16, 2018 – Sonatype, the leader in automated open source governance, today announced it ranked 346 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences and energy tech companies in North America. The recognition comes during a banner growth year for the company and on the heels of announcing an $80 million minority investment led by TPG. This is the third year in a row Sonatype has ranked as a Technology Fast 500™ award winner.