<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1127487224079104&amp;ev=PageView&amp;noscript=1 https://www.facebook.com/tr?id=1127487224079104&amp;ev=PageView&amp;noscript=1 ">

Sonatype & HackerOne Team Up to Make Open Source Safer Press Release

Press Releases

The latest scoop on Sonatype.


Sonatype Partners with All Day DevOps to Educate More Than 1 Million People Through an Expanded 2018 Program

The world’s largest DevOps conference will offer sessions from 125 experts

FULTON, MD - October 12, 2018 -  All Day DevOps, the largest conference in the world dedicated to sharing DevOps best practices, in partnership with Sonatype, the leader in automated open source governance and application security, today announced an expanded 2018 program, updated agenda and full list of sponsors. The free conference, which streams live for 24 hours starting at 8:00 am GMT on October 17, 2018 (3:00 am New York, 7:00 pm Sydney), now features 125 practitioner-led sessions, across five tracks, including keynotes from:

  • Amélie Koran, Deputy Chief Information Office, HHS Office of Inspector General
  • Cindy Healy, Director, Microsoft Worldwide Learning Experiences
  • Dave Rensin, Director of Customer Reliability Engineering and Network Capacity, Google
  • George Swan, Director of Engineering Solutions, Autodesk
  • Rob England, Managing Director, Two Hills Ltd

Micro Focus Extends Partnership with Sonatype to Bring Best-in-Class Open Source Security to all Fortify Customers

Expanded relationship underscores the urgency for enterprises to manage open source risk as part of a comprehensive application security program

WASHINGTON, D.C. - Micro Focus Cybersecurity Summit 2018 - September 25, 2018 - Today, Sonatype, the leader in automated open source governance and application security, and Micro Focus, creator of Fortify Application Security Portfolio, announced an expanded strategic partnership to provide more enterprises with best-in-class open source governance and security.

Sonatype’s 2018 State of the Software Supply Chain Report Reveals Use of Vulnerable Open Source Increased 120%, Despite Equifax Breach

New data shows managed software supply chains are 2X more efficient and 2X more secure

FULTON, MD - September 25, 2018 - Sonatype today released its fourth annual State of the Software Supply Chain Report which found that software developers downloaded more than 300 billion open source components in the past 12 months, and that 1 in 8 of those components contained known security vulnerabilities.

TPG Leads $80 Million Investment in Sonatype

Capital to Fuel Global Growth Requirements as Automated Open Source Governance Goes Mainstream

FULTON, MD - September 07, 2018 - Sonatype, the leader in automated open source governance, today announced an $80 million minority investment led by TPG, a global alternative asset firm, with additional participation by existing investors Accel, Goldman Sachs Group and Hummer Winblad. This capital will be leveraged to accelerate sales, marketing, and R&D investments, fund strategic corporate objectives, and expand Sonatype’s Nexus platform offerings now used by more than 10 million software developers and 1,000 enterprises worldwide.

Sonatype’s Latest Nexus Intelligence Shines a Light on Hidden JavaScript Vulnerabilities and Empowers Developers with Actionable Insights

Solution Identifies Previously Unknown JavaScript Vulnerabilities Across Multiple Ecosystems, and Further Protects Nexus Customers

Fulton, MD – August 29, 2018 -- Today, Sonatype, the leader in automated open source governance, announced that it has deployed an updated version of Nexus Intelligence with enhanced JavaScript intelligence capabilities. Using patented Advanced Binary Fingerprinting (ABF) technology to identify JavaScript vulnerabilities lurking inside of multiple open source ecosystems, Nexus is the world’s first open source governance solution capable of uncovering malicious pieces of JavaScript code, which no other technology can identify.

Sonatype Launches DepShield App to Democratize Open Source Governance

DepShield empowers GitHub’s 28 million developers to automatically identify open source security vulnerabilities within their GitHub repositories, for free

Fulton, MD – August 14, 2018 -- Sonatype, the leader in automated open source governance, today announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source governance, free of charge. Powered by Sonatype’s OSS Index, DepShield integrates directly into GitHub repositories and allows developers to easily identify and avoid using open source components with known vulnerabilities.

Sonatype Named to JMP Securities’ 2018 Hot 100 List

Fulton, MD – August 3, 2018 -- Sonatype, the leader in automated open source governance, today announced it has been named to the JMP Securities’ Hot 100 list of the hottest privately held software companies for 2018. Compiled annually by JMP, the list profiles the top 100 private companies based on multiple criteria including financial growth, products and services, quality of leadership team and market potential. This is the third time Sonatype has been named to the list.

Sonatype Launches New and Enhanced Open Source Software Index, Delivering Free Open Source Vulnerability Data to Millions of Developers

The newly improved Index is designed to easily integrate with developer tools like Maven Enforcer Plugin and OWASP Dependency Check

Fulton, MD – July 25, 2018 -- Sonatype, the leader in automated open source governance, today announced a revamped and modernized OSS Index to provide developers with free and easily accessible information on known open source vulnerabilities.  The Index provides multi-language support, easy implementation through a REST API and native integrations with Maven Enforcer Plugin and OWASP Dependency Check.

Wayne Jackson, CEO of Sonatype, Named EY Entrepreneur Of The Year® 2018 in the Mid-Atlantic Region

Jackson was honored in the cybersecurity category for his ingenuity, tenacity and continued prosperity

Fulton, MD – June 15, 2018    Sonatype, the leader in automated open source governance and DevSecOps, today announced that Sonatype’s CEO, Wayne Jackson, received the EY Entrepreneur Of The Year® 2018 Mid-Atlantic Award in the Cybersecurity category.

Sonatype to Live Stream Inaugural Nexus User Conference

More than 1,500 people participating online with free access to 25 customer led sessions

Fulton, MD – June 05, 2018 -- Sonatype, the leader in automated open source governance and DevSecOps, will host over 1,500 people at it’s inaugural Nexus User Conference, June 6 - 7, 2018. The event will be live streamed and is completely free for all attendees,  removing traditional barriers to conference attendance such as cost and days away from the office. Live Q&A with all speakers is available via Slack.