Press Releases

Advanced Development Pack harnesses first-of-its-kind intelligence to help teams improve code quality, minimize breaking changes, and integrate next-gen security.

Fulton, MD – Wednesday, Oct. 7, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today unveils its breakthrough Advanced Development Pack that fundamentally changes how teams manage code dependencies. Designed after studying development and cybersecurity hygiene practices across 30,000 software teams, this new offering available to Nexus Lifecycle customers, ensures developers select the highest quality OSS components that are used to build 90% of a modern application.

New Integration Provides Enterprise-Grade Policy Control for Containers Directly in Nexus Lifecycle

Fulton, MD – Wednesday, Sept. 16, 2020 - Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place. 

Study shows high performance engineering teams release 15x more often and remediate open source vulnerabilities 26x faster

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report. 

Study also finds 51% of organizations require more than a week to remediate new zero day vulnerabilities

Fulton, Md. - August 12, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released its sixth annual State of the Software Supply Chain Report. This year’s report found a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains.  

Nearly One-Third of Happy Coders Say Security is a Top Concern, Showing Desire for Change in the Industry

Fulton, MD – June 4, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published Healthcare industry-specific findings from its seventh annual DevSecOps Community Survey. The survey pulls back the curtain on successful DevSecOps practices and secure coding, and highlights trends in different verticals, including Healthcare.

Mature Practices are 3.3 Times More Likely to Prioritize Application Security and 1.2 Times More Likely to Enjoy Their Work

Fulton, MD – June 4, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published the Financial Services industry findings from its seventh annual DevSecOps Community Survey. The data look at DevOps practices in financial services and reveal connections between organizations’ adoption of DevOps practices, developer happiness and secure development.

Nearly Half of Government Coders with Mature DevOps Practices Say Security is a Top Concern

Fulton, MD – June 4, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today released government-specific findings from its seventh annual DevSecOps Community Survey. The survey pulls back the curtain on successful DevSecOps practices and secure coding, and highlights trends in different verticals, including government.

Happy Developers Automate Security Twice as Often as their Unhappy Peers, Showing Link between Security Best Practices and Work Culture

Fulton, MD – June 4, 2020 — Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published Technology industry-specific findings from its seventh annual DevSecOps Community Survey, which was launched earlier this year. The findings, which delve into successful DevSecOps practices across sectors including technology, show a link between mature DevOps practices, job satisfaction among developers and strong security processes.

New Capabilities Will Accelerate Secure Coding Practices Across the SDLC

Fulton, MD – June 2, 2020 -- Sonatype, makers of open source governance and software supply chain management solutions, today released three integrations to automate DevSecOps practices for Atlassian customers. The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.

To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use. To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers.

Findings in contrast to US and Germany, which saw accelerated growth. China recovery indicates UK rebound is imminent

Fulton, MD – May 21, 2020 — The UK is experiencing a significant decline in software development activity during the COVID-19 crisis, according to data today released by Sonatype, the company that scales DevOps through open source governance and software supply chain automation. After analysing software development activity in seven key regions – the UK, the US, China, Germany, Spain, Italy, and India – Sonatype discovered that software development activity in the UK decreased by 28% since February 29th 2020. However despite this decline, the recent recovery of Chinese software development indicates that the UK is likely to rebound swiftly.