Report Finds 430% Increase in Next-Gen Open Source Cyber Attacks | Press Release

Press Releases

The latest scoop on Sonatype.

Sonatype Collaborates With All Day DevOps to Connect More Than 6,000 IT Pros Working From Home During the COVID-19 Pandemic

The 2020 virtual event is connecting work-from-home DevOps practitioners around the globe to participate in a 10-hour conference starting at 6 am ET on April 17.

McLean, VA – April 16, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, has collaborated with over 40 other companies and community supporters to produce a special edition of All Day DevOps, the world’s largest DevOps conference. With the majority of the world's DevOps community now working from home, ADDO, now in its fifth year, has created a “Spring Break Edition” in response to the COVID-19 pandemic. The conference will live stream for 10 hours, starting at 6:00 am ET on April 17, 2020. The previous ADDO conference held on November 12, 2019, featured over 150 keynotes and sessions and attracted nearly 40,000 attendees, including 84 Fortune 100.

Sonatype Finds Mature DevSecOps Practices Lead to Happier Developers, More Secure Code

Annual Survey Finds Happy Coders 3.6X More Likely to Build Secure Applications

Fulton, MD – April 7, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps, pulls back the curtain on successful DevSecOps practices, significant influences on developer satisfaction, trends in secure coding, and application breaches.

Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP and Ruby

Nexus Lifecycle now allows users to scan applications for open source software vulnerabilities, automatically enforce open source governance policies, and easily remediate open source risk for 27 different languages and package formats.

Fulton, MD – March 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced it’s further expanded its language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies. By continuing to increase support for the most popular component formats, Nexus Lifecycle is helping millions of developers and security professionals to automatically govern open source hygiene across every phase of the software development lifecycle (SDLC).

Sonatype Channel Partner Program Sees Triple Digit Growth in EMEA

Key Partners from Europe, Middle East, Africa and Russia Honored at 4th Annual Sonatype Partner Awards on March 5th, 2020.

AMSTERDAM – March 5, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, announced its EMEA and International channel partner program grew more than 100% in revenue over the last three years. The company’s rapidly growing channel partner ecosystem, which has helped exponentially expand the reach of its automated DevSecOps platform, will be honored at Sonatype’s Fourth Annual EMEA Partner Summit in Amsterdam. 

Sonatype Overhauls JavaScript Scanning; Provides npm Automated Pull Requests and More Free Developer Tools

Enhanced solutions take advantage of new algorithms to better identify security vulnerabilities in open source npm packages

Fulton, MD – March 3, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, announced an enhanced suite of JavaScript intelligence capabilities that provides developers with improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the entire software development lifecycle (SDLC). 

Sonatype Streamlines Deployment for Millions of Developers Using Kubernetes, Adds Native Helm Support to Nexus Repository

Fulton, MD – February 24, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, now includes native support for Helm in Nexus Repository (NXRM). Additional support for developers using Helm Chart Repositories, and by extension Kubernetes, is part of the company’s commitment to strengthening container-based development and ensuring NXRM always enables users to universally manage software libraries and build artifacts.

Eficode and Sonatype Partner to Secure the Software Supply Chain for Modern Enterprise Organisations

With the Sonatype Nexus Platform, Eficode helps customers understand the importance of shifting left and automating open source security across the DevOps pipeline

Helsinki, Finland, Nov. 27, 2019 -- Today, Eficode, the European leader in DevOps that is designing, optimising, and managing today’s evolving software development lifecycle processes with its DevOps Platform Eficode ROOT, announced a partnership with Sonatype, the inventors of software supply chain automation, to bring open source governance to its rapidly-growing customer base. 

Sonatype Fully Automates Container Security

Nexus Lifecycle delivers open API for best-in-class policy control for all container layers

Fulton, MD – Monday, Nov. 25, 2019 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle and equip engineering teams with a holistic solution to automatically and accurately control risk related to containers traversing the modern software development lifecycle (SDLC).

Vista Equity Partners Acquires Majority Interest in DevOps Leader Sonatype

Partnership to Accelerate Global Growth and Innovation for Automating Open Source Governance and Software Supply Chain Hygiene

FULTON, MD - November 18, 2019 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced it has signed a definitive agreement to receive a majority investment from Vista Equity Partners (“Vista”), a leading investment firm focused on empowering and growing enterprise software, data and technology-enabled companies that are reinventing industries and catalyzing change. The partnership with Vista will allow Sonatype to further fast-track growth and enhance its Nexus product portfolio. Several of Sonatype’s existing investors will retain a stake in the company.

Sonatype Delivers Premium Open Source Controls to GitHub Users

New Integrations Deliver Enterprise-Grade Open Source Governance and Dependency Management to Millions of GitHub Developers

San Francisco - GitHub Universe – Tuesday, Nov. 12, 2019 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced new integrations that strengthen GitHub with premium open source governance and dependency management controls.