Press Releases

As cloud transformations accelerate, Eficode makes shifting security left even easier by offering the Sonatype Nexus platform as part of its Eficode ROOT DevOps platform

Helsinki, Finland -- Thursday, Dec. 10, 2020 -- Eficode, Europe’s leading DevOps company, announced an expanded partnership with Sonatype, the leading provider of innovation-friendly open source security tools, to include management, hosting and licensing. This enables Eficode customers to have premium software composition analysis (SCA) and access to Sonatype unrivaled, in-depth open source intelligence and policy engine as a managed service and in the cloud, through the Eficode ROOT DevOps platform. 

Proven Industry Leader Jon Mellon Joins Sonatype to Expand the Sonatype Partner Ecosystem,  Accelerate Growth,  and Enhance Customer Engagement Globally 

Fulton, MD – Tuesday, Dec. 8, 2020 -- Sonatype, the leading provider of innovation-friendly open source security tools, today announced the appointment of a key addition to its executive management team, Jon Mellon, who joins the company in the newly created role of Chief Revenue Officer. With 10 million developers already relying on Sonatype to help them develop safer, software faster, and strong growth projected heading into 2021, the company is preparing for the next phase of rapid expansion with this addition. 

LONDON – December 01, 2020 -- Adaptavist, a digital transformation leader, today announced it has joined the Sonatype partner programme as a Platinum Enterprise Partner. The strategic partnership allows Adaptavist to offer improved application development security features to accelerate enterprise company’s go-to-market plans.

Innovative solution empowers developers to deliver secure applications and automatically help them configure secure and policy compliant cloud infrastructure

Fulton, MD and Frederick, MD – Thursday, Nov. 12, 2020 - Sonatype, the leading provider of innovation-friendly open source security tools, today announced a strategic partnership with Fugue, the company putting engineers in command of cloud security, to deliver the first infrastructure-as-code (IaC) solution that shifts cloud security left into the developer workflow. The partnership further advances the missions of Sonatype and Fugue to empower software developers with best-in-class tools so they can accelerate innovation and simultaneously improve application security, cloud infrastructure security, and continuous compliance with defined policy.

New Integration Provides Additional Open Source Vulnerability Identification and Remediation Capabilities to Tidelift Customers

BOSTON, Mass. – October 29, 2020 - Tidelift, the largest provider of commercial support and maintenance for the community-led open source behind modern applications, and Sonatype, a leading provider of open source intelligence, today announced that Tidelift has integrated Sonatype’s OSS Index data into the Tidelift Subscription to help developers more quickly identify and remediate security vulnerabilities in open source packages and libraries managed by Tidelift.

Nexus Lifecycle and Nexus Repository Now Meet Rigid Security and Compliance Standards Set by the United States Department of Defense

Fulton, MD – Thursday, Oct. 8, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced Nexus Lifecycle and Nexus Repository have been accepted into the Department of Defense’s (DoD) Platform One approved application portal. A fortified version of the Nexus Platform was released that meets DoD specifications for security - one of the most demanding certifications. 

Advanced Development Pack harnesses first-of-its-kind intelligence to help teams improve code quality, minimize breaking changes, and integrate next-gen security.

Fulton, MD – Wednesday, Oct. 7, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today unveils its breakthrough Advanced Development Pack that fundamentally changes how teams manage code dependencies. Designed after studying development and cybersecurity hygiene practices across 30,000 software teams, this new offering available to Nexus Lifecycle customers, ensures developers select the highest quality OSS components that are used to build 90% of a modern application.

New Integration Provides Enterprise-Grade Policy Control for Containers Directly in Nexus Lifecycle

Fulton, MD – Wednesday, Sept. 16, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place. 

Study shows high performance engineering teams release 15x more often and remediate open source vulnerabilities 26x faster

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report. 

Study also finds 51% of organizations require more than a week to remediate new zero day vulnerabilities

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report. This year’s report found a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains.