Sonatype Warns Additional Breaches Loom Post-Equifax

9/18/17 - Sonatype, the leader in software supply chain automation, today released new data on the number of organizations that have downloaded vulnerable versions of the Struts2 component (CVE-2017-5638) exploited in the massive breach at Equifax.

Sonatype’s Nexus Lifecycle Measures the Performance of Better, Faster DevOps

8/10/17 - Sonatype, the leader in software supply chain automation, today announced support of new application quality and ROI metrics within its Nexus Lifecycle solution. The new feature, known as Success Metrics, enables DevOps teams to quickly assess and measure the efficacy of their automated open source governance programs.

Sonatype Adds Native Container Scanning to Nexus Lifecycle

8/10/2017 - Sonatype, the leader in software supply chain automation, today released a new version of its popular Nexus Lifecycle product which now includes a built-in service that enables software development teams to automatically and continuously examine the security and quality of open source components used within container images.

Sonatype 2017 State of the Software Supply Chain Report Reveals DevOps Practices Reduce Use of Defective Open Source Components by 63 Percent

7/17/2017 - Sonatype, the leader in software supply chain automation, today announced the release of its third annual State of the Software Supply Chain Report. This year’s report highlights risks lurking within open source software components and quantifies the empirical benefits of actively managing software supply chain hygiene.

Sonatype Acquires Vor Security; Introduces Nexus Lifecycle XC

6/29/2017 - Sonatype, a leader in software supply chain automation, today announced that it has acquired Vor Security. Ken Duck, founder and CEO of Vor, will join the product and engineering team at Sonatype to continuously expand and refine the open source component intelligence service that underpins the Nexus platform.

Sonatype Integrates Nexus Lifecycle with Microsoft Visual Studio

6/20/2017 - Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). 

Sonatype Nexus Repository Recognized as a Certified Red Hat OpenShift Solution

5/01/17 - Sonatype, the leader in software supply chain automation, today announced that it has containerized and certified its Nexus Repository to run on Red Hat OpenShift Container Platform. Red Hat OpenShift Container Platform enables developers to quickly build, host, and scale applications in a cloud environment.

New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security in Financial Sector

4/25/17 - Sonatype, the leader in software supply chain automation, today announced the financial services results of its 2017 DevSecOps Community Survey. 412 financial services IT professionals participated in the online survey conducted in February 2017, out of a total of 2,292 survey respondents.

New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security in Government

4/25/17 - Sonatype, the leader in software supply chain automation, today announced the government results of its 2017 DevSecOps Community Survey. 101 public sector IT professionals participated in the online survey conducted in February 2017, out of a total of 2,292 overall survey respondents.

New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security in Telecommunications Sector

4/25/17 - Sonatype, the leader in software supply chain automation, today announced the telecommunications results of its 2017 DevSecOps Community Survey. 160 telecommunications IT professionals participated in the online survey conducted in February 2017, out of a total of 2,292 overall survey respondents.

Sonatype Announces Free Git LFS Support for Nexus Repository

4/20/17 - Sonatype, the leader in software supply chain automation, today announced that Nexus Repository is first to market with free support for Git Large File Size (LFS) artifacts. With the addition of Git LFS, Nexus Repository now supports eight of the most popular software component types, including Docker, Java, npm, NuGet, PyPI, Bower, and RubyGems.

Sonatype Introduces Free Next-Generation Repository Health Check

4/19/17 - Sonatype, the leader in software supply chain automation, today released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.  As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.

Sonatype Announces Secure DevOps Solution for Python Developers

4/19/17 - Sonatype, the leader in software supply chain automation, today announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter. Sonatype continues to lead the market in introducing application security technology at the earliest possible phase of the software development lifecycle for DevOps practices.

Sonatype Nexus Launches into Mesosphere DC/OS

4/18/17 - Sonatype, the leader in software supply chain automation, today announced that its Nexus Repository has received certification to run in Mesosphere DC/OS environments. Nexus Repository is the first to offer DC/OS users a free, private registry for Docker containers in addition to enterprise-scale artifact management for the most popular development languages. Nexus Repository offers the best way to organize, store, and distribute software components critical to DevOps and CI/CD toolchains.

Sonatype Launches the Nexus Exchange with 30 New Integrations

4/17/17 - Sonatype, the leader in software supply chain automation, today launched the Nexus Exchange and announced new Nexus platform integrations with CloudBees, GitHub, Microsoft, Puppet, XebiaLabs, and others.

Sonatype Named to JMP Securities Super 60 List of the Hottest Privately Held Companies

3/24/17 - Sonatype, the leader in software supply chain automation, announced today that for the second consecutive year it has been named to the JMP Securities’ Super 60 list of the hottest privately held internet security, network and storage companies.

New DevOps Research From Sonatype Reveals Changing Attitudes Toward Application Security

3/21/17 – Sonatype, the leader in software supply chain automation, today announced the results of its 2017 DevSecOps Community Survey. 2,292 IT professionals participated in the online survey conducted in February 2017. The survey revealed that mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale. Analysis of responses also found that IT organizations continue to struggle with breaches, as an increase of nearly 50% was recorded between Sonatype’s 2014 and 2017 surveys.

Sonatype Announces 300% Growth in Use of Nexus Repository Manager

1/18/17 – Sonatype, the leader in software supply chain automation, today announced 300 percent growth in the use of Nexus Repository over the past three years.  During this period, the number of active instances of Nexus Repository grew from 30,000 to 120,000 spurred by the introduction of Nexus Repository v3, universal support for component formats, and growing concern among enterprises about security vulnerabilities in open source components and containers.

Sonatype Adds Automated Container Analysis to Nexus Lifecycle

12/7/16 - Sonatype, the leader in software supply chain automation, today announced that it has incorporated Lifecycle Container Analysis (LCA) into its popular Nexus Lifecycle solution for automating the flow of components through modern software supply chains. Modern development teams can now automatically examine the quality and security of application components within containers moving through their DevOps pipeline.

Sonatype Named to Deloitte Technology Fast 500 for 2016

11/16/16 - Sonatype, the leader in software supply chain automation, has been ranked number 313 on the Deloitte Technology Fast 500 list for 2016. The Deloitte Technology Fast 500 is an annual ranking of the fastest growing North American companies in the technology, media, telecommunications, life sciences, and energy tech industries. This accolade comes on the heels of the company achieving record revenue and customer growth in the first half of 2016.

Sonatype Adds npm & JavaScript Intelligence to Nexus Platform

10/18/2016 - Sonatype, the leader in software supply chain automation, today unveiled an updated version of the Nexus platform that provides modern development organizations with unmatched, precise intelligence about npm and JavaScript components so they can continuously deliver higher quality software through DevOps automation and scale.

Sonatype Achieves Record Revenue and Customer Growth in First Half of 2016

9/20/2016 – Sonatype, the leader in software supply chain automation, today announced continued dramatic growth across every aspect of its Nexus software business.  Comparing H1 2015 to H1 2016, Sonatype’s accomplishments include...

Sonatype and CloudBees Launch DevOps Express Initiative

9/14/16 - Sonatype, the leader in software supply chain automation, today announced the launch of DevOps Express, a one-of-a-kind industry initiative that simplifies access to a set of integrated, battle-tested DevOps solutions aiming to accelerate any organization’s time-to-value.

Sonatype Introduces Nexus Repository Integration with CloudBees Jenkins

9/14/16 - Sonatype, the leader in software supply chain automation, today announced the availability of a new plug-in for the CloudBees Jenkins 2 platform that further automates release management processes with Nexus Repository.

Sonatype Announces Nexus Repository Pro with High Availability and Software Component Analysis Built-in

9/14/16 - Sonatype, the leader in software supply chain automation, today introduced the latest version of Nexus Repository Pro. The 3.2 version of Nexus Repository Pro will include built-in support for active-active high availability configurations and enhanced security and license analysis for open source components. Sonatype has also expanded Nexus Repository’s free, universal component support to include PyPI and RubyGems.

Sonatype Releases 2016 State of the Software Supply Chain Report

7/11/16 - Sonatype, the leader in software supply chain automation, today announced the release of its second annual State of the Software Supply Chain report. Based on the analysis of 31 billion download requests of open source software components from the Central Repository, which is managed by Sonatype, the report provides insight into the software supply chain practices from 3,000 development organizations and also includes software component analysis of 25,000 applications.

Sonatype Recognizes Individuals Embracing DevOps to Accelerate Software Innovation

6/8/16 - Sonatype, the leader in software supply chain automation, today launched the Innovator’s Journey to DevOps, a series of interviews profiling individual DevOps practitioners who are transforming the way developers, IT operations, and security professionals collaborate to accelerate software innovation.

Sonatype Strengthens Continuous Delivery with New Atlassian Integrations

6/2/16 – Sonatype, the leader in software supply chain automation, today announced new integrations with Atlassian’s product portfolio to better support Continuous Delivery and DevOps practices. Following up on its previous integrations with Atlassian’s Bamboo and HipChat products, Sonatype is announcing four Nexus integrations with Atlassian products...

Sonatype Delivers Software Supply Chain Intelligence to IntelliJ IDEA Empowering Millions of Developers

5/11/16 - Sonatype, the leader in software supply chain automation, today announced Nexus Lifecycle support for IntelliJ IDEA. With this integration, Sonatype is first to deliver software supply chain intelligence to millions of developers using IntelliJ IDEA. 

Sonatype Releases Nexus Repository Manager 3.0

4/12/16 - Sonatype, the leader in software supply chain automation, today released the latest version of Nexus Repository, adding free support for seven of the most popular software component types.   Additionally, Sonatype announced that Nexus Repository has now surpassed 100,000 active installations, including a majority of the Fortune 100, and continues to experience massive growth in usage. Over the last three years, active Nexus Repository installations grew 240%.

Software Supply Chain Pioneer Sonatype Completes $30 Million Financing Led By Goldman Sachs

2/4/16 - Sonatype, the company dedicated to helping deliver higher quality software even faster, today announced the completion of a $30 million equity and debt financing led by Goldman Sachs’ Principal Strategic Investments Group, with all current investors participating in the round. The investment will be used to accelerate sales, marketing, product development, and international market opportunities.

Sonatype Introduces World’s First Repository Firewall: Continues to Reinvent How Quality Software is Manufactured

12/15/15 - Sonatype, the leader in software supply chain automation, today released Nexus Firewall (patent pending). Nexus Firewall provides perimeter quality control for software development. Similar to a network firewall, it leverages a set of organizationally defined rules that use automation to keep obsolete or dangerous open source and other third party components from entering or exiting application development.

Sonatype Is First to Market With A Free Universal Repository Manager to Include Support for Docker Images and npm JavaScript Modules

12/14/15 - Sonatype, the company dedicated to helping IT organizations deliver higher quality software even faster, today announced free format support for Docker and npm in the market leading Nexus Repository Manager, as well as the development of plug-ins for both Twistlock and npm On-site.

Study of 106,000 Software Development Organizations Reveals That The Way the World Creates Software is Broken

6/17/15 - Sonatype today released the results of an extensive study of the software development practices of 106,000 organizations representing 17 billion requests for open source and third party software components from the Central Repository in 2014 alone.  The study revealed that the way the world creates software is broken – with 23% of the components in the average software application containing known vulnerabilities.

Sonatype Unveils the Nexus Platform, Unlocking Developers’ Time to Focus on Innovation vs. Maintenance and Rework

6/15/15 - Sonatype today introduced the Nexus software platform designed to help IT organizations deliver higher quality software, even faster. The new Nexus software platform integrates the market leading Nexus repository managers, Sonatype’s software formerly known as Component Lifecycle Management (CLM), as well as many new capabilities.

Sonatype Named to JMP Securities’ Top 50 List of Hottest Privately Held Companies

3/30/15 - Sonatype, the Nexus company and a continuous delivery leader, today announced that it has been named to the JMP Securities Fast 50 list of hottest privately held security and networking companies. The list recognizes innovators that have the capability to dominate their respective markets.

Sonatype’s Nexus Repository Manager Installs Double in Last 18 Months, Reinforcing Dominant Market Share Position

2/26/15 - Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015). With five times more installs than any other repository manager, Nexus continues to be the industry standard for accelerating continuous software delivery and DevOps.

US Congress Intervenes to Address Cyber Security Crisis with Software Supply Chain Focus

12/10/14 - Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application Health Check to immediately alert federal agencies and software suppliers about known vulnerable open source components and where they exist within an application.

Sonatype’s New Software Release Determines OSS Risk and Provides Immediate Path to Resolution

11/17/14 - Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a new version of its Component Lifecycle Management (CLM) software. An industry first, developers can now avoid security risks without missing business-critical delivery deadlines.

Sonatype Brings NuGet Component Management to .NET Developer Community

10/1/14 - Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced free NuGet package support through its open source component manager, Nexus OSS. As developers consume an ever-increasing number of open source components, now approaching 250 million downloads annually, the .NET community is seeking to improve build performance and stability through the use of component managers. This trend mirrors the evolution in Java development environments, where 13 billion open source component download requests are managed annually. More than 40,000 organizations and teams seeking to improve their open source development performance and security have turned to Sonatype’s Nexus component managers, all of which can now leverage available NuGet support.

Over 370 Organizations Report Confirmed or Suspected Open Source Breaches in Past 12 Months According to Sonatype Survey

7/22/14 - Three out of four organizations that build software applications either have failed to adopt policies to prevent the use of vulnerable software components or have neglected to ban even a single component to enforce existing policies, according to a new survey sponsored by venture capital firm New Enterprise Associates, Inc. (NEA) and software supply chain management company Sonatype. In the survey, 3 out of 10 respondents actually admitted they either had or suspected a breach caused by an open source component within the last 12 months.

80 Percent of the Largest US and European Banks Deploy Sonatype to Address Growing Software Security Threat

4/22/14 - Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, continues to find its software in high demand. The company credits this momentum to an increasing awareness of the urgent need to address the risks associated with flawed open source components being used in millions of mission-critical software applications.

Sonatype Adds 3rd Party & Open Source Component Visibility to HP Fortify on Demand

2/24/14 - Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today announced that its component lifecycle management (CLM) analysis technology has been integrated with HP’s cloud-based software security solution – HP Fortify on Demand.

New Sonatype Software Protects The World's Enterprise Software Applications From Security, Compliance, And Licensing Threats

1/29/14 - Sonatype, the software company that enables developers to rapidly build secure software while also eliminating compliance and licensing risk, today released a new version of its Component Lifecycle Management (CLM) software.