Press Releases

Company Bolsters Leadership Team After Surpassing $100 M ARR Milestone, Further Accelerating Global Expansion as Organizations Increasingly Turn to Sonatype to Understand and Secure their Software Supply Chains 

April 19, 2022 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced another quarter of extraordinary growth. It follows the milestone of exceeding $100 million in annual recurring revenue in 2021. The company continues to build for the future by expanding its senior management team with the appointment of Bruce Gordon to Senior Vice President, Global Channel Sales & Alliances and the promotion of Katy Hiller to Senior Vice President, Global Marketing. 

• Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 2022
• Company growth showcases importance of intelligent, full-spectrum software supply chain management for both developers and security teams 

January 27, 2021 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced it has joined the ranks of the world’s most successful companies and surpassed $100 million in annual recurring revenue (ARR). The company also announced the appointment of Alex Berry as its first president, further positioning Sonatype to play a pivotal role in the booming global software development market. 

Sonatype’s free scanning and analysis tools allow developers to quickly detect and remediate Log4j vulnerabilities

Fulton, MD – December 22, 2022 – The Log4j open source component has been downloaded nearly five million times since a critical vulnerability was first discovered in it on December 10th. However, 40% of those downloads are still of the known critically vulnerable versions, according to new data released by Sonatype, the pioneer in intelligent and secure software supply chain automation. 

Company joins the Open Source Security Foundation and OpenChain Project, sponsors Python Software Foundation  

October05, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today announced three partnerships with important open source community foundations and projects as part of its ongoing mission to give back, support, and help protect open source ecosystems. 

Developer Demand for Open Source Increased 73% Year over Year; 29% of Popular Project Releases Are Vulnerable, Highlighting the Critical Need for Automated Dependency Management

September 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today released its seventh annual State of the Software Supply Chain Report that reveals continued strong growth in open source supply and demand dynamics.  Further, with regard to open source security risks, the report found a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. This year’s research also presents innovative empirical metrics that can be used to identify exemplary projects, and data-driven guidance to help software engineering teams optimize decisions on when, and when not to, update to new versions of open source libraries.  Finally, based on survey responses collected from 702 software engineering professionals, the research observes a fundamental disconnect between people’s subjective beliefs about software chain management practices, and objective results as measured across 100,000 applications.

The cloud-native platform, Sonatype Lift, enables developers to find and fix performance, reliability, and security bugs by automatically analyzing pull requests and delivering results as comments in code review.

June 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Awards celebrate bold innovators and fearless experimenters transforming software supply chain management and delivering stunning successes with remarkable results. Winners to be announced on June 17 at ELEVATE 2021, Sonaype’s User Conference 

June 10, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the list of Sonatype Elevate Awards finalists. The software development life cycle (SDLC) and its associated software supply chain is the driving engine for innovation for enterprises, nonprofits, and government agencies across the globe. In its inaugural year, the Elevate Awards were created to recognize and celebrate the innovators powering this engine and serving as role models for the industry to learn from. 

AMSTERDAM - June 10, 2021 - Amazic Distribution, one of EMEA’s largest trusted suppliers and solution advisors for partners, individuals and many of the world’s largest organisations, today announced a strategic partnership with Sonatype, the leader in developer-friendly tools for software supply chain automation and security.

CycloneDX API Creates Standardized Way to Integrate and Share SBOMs

May 13, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its support for the CycloneDX Software Bill of Materials (SBOM) standard, a lightweight specification designed for use in application security and software supply chain contexts.  Sonatype is proud to have assisted CycloneDX project organizers in defining the software industry’s first standard for automated SBOM data exchange.  Furthermore, Sonatype has utilized the CycloneDX standard to create an API that provides third-parties with an easy way to integrate and share SBOMs between Sonatype products and other systems.

The Advanced Legal Pack mitigates license risk through automation, providing a more efficient way to collect, compile, report, and remediate open source legal obligations

May 4, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times.