Sonatype Introduces Next Generation Dependency Management | Press Release

Remediate vulnerabilities 3.4x faster
Discover why teams updating OSS dependencies 18x faster improve secure coding outcomes
36,000 development teams studied
Read the six critical behaviors exhibited by the top 1200 teams
Vulnerable component use reduced 55%
Learn how the best development teams are 12x more likely to automate OSS governance to reduce cyber risks.
“It was a privilege to be part of this research effort to better understand the health and habits of the open source component ecosystem, where we could study all the Java artifacts stored in The Central Repository, which some of us know as 'Maven Central,'” said Gene Kim, Author, Researcher, and Founder of IT Revolution. “It was incredible to explore how exemplars achieve better outcomes (quality, security, popularity), and what factors correlated with them, such as team size, release frequency, number of dependencies, their strategy to update them, and many more.”

Improving outcomes with DevSecOps and automation.

Automation accelerates the demand for open source.

In 2018, download requests for Java components grew 68% year over year to 146 billion. Downloads of npm packages reached 10 billion per week, a 185% year-over-year increase.

Exemplary open source project teams outperform their peers.

Exemplary OSS project teams remediated vulnerabilities 3.4x faster, were 6x more popular, had 33% larger development teams, and were 9.3x more likely to have a process for proactively removing problematic dependencies.


DevSecOps automation reduces OSS risks.

Organizations automating open source governance as part of a managed software supply chain practice reduced the percentage of vulnerable components used in finished applications by 55%.
