An additional study of 12,000 commercial software engineering teams identified key characteristics of exemplary secure coding practices
LONDON – DevOps Enterprise Summit - June 25, 2019 -- Sonatype today released its fifth annual State of the Software Supply Chain Report. This year’s report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it also examines the rapidly expanding supply and continued exponential growth in consumption of open source components.
The June 12 Conference Features 44 Nexus Innovators, Customers and Industry Leaders
Fulton, MD – June 10, 2019 -- Sonatype, the inventors of software supply chain automation, will host its second annual Nexus User Conference on June 12, 2019. The free, live, and online event will bring together more than 2,000 DevOps and DevSecOps practitioners to galvanize the industry and share actionable insights, technical how-to’s, and first-hand stories about DevSecOps transformations.
BOSTON - Red Hat Summit – May 7, 2019 - Sonatype, the inventors of software supply chain automation, announced new capabilities for Red Hat Quay enterprise container registry enabling modern organizations to automate and enforce open source governance policies in the containerized applications they use every day.
Company CEO also Chosen as a Tech10 Honoree by Baltimore Business Journal
Fulton, Md. – April 29, 2019 – Sonatype, the inventors of software supply chain management, is proud to announce its been named one of the 50 Highest Rated Private Cloud Computing Companies on Glassdoor by Battery Ventures and one of Washingtonian Magazine's 50 Great Places to Work.
Pioneering program makes reporting open source vulnerabilities easier than ever
Fulton, Md. – March 21, 2019 – Sonatype, the inventors of software supply chain management, today announced a partnership with HackerOne, the leading hacker-powered security platform, to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components.
2019 DevSecOps Community Survey shows mature programs are 700% more likely to automate security, as adversaries accelerate pace
SAN FRANCISCO - RSA Conference – March 4, 2019 – Sonatype, the inventors of software supply chain automation, today published findings from its 6th annual DevSecOps Community Survey of 5,558 IT professionals, making it the largest DevSecOps survey ever conducted. The survey, developed in partnership with CloudBees, Carnegie Mellon’s Software Engineering Institute, Signal Sciences, 9th Bit, and Twistlock, unveiled a new portrait of what organizations with elite DevSecOps programs look like in the face of accelerating attacks from bad actors.
World’s First Application Security Solution that Universally Protects DevOps Pipelines from Vulnerable Open Source Components
Fulton, MD. – February 28, 2019 – Sonatype, the inventors of software supply chain management, announced today that Nexus Firewall is now available to JFrog customers to automatically stop vulnerable open source components from entering into Artifactory Repository Managers.
New relationship underscores the need for enterprises to manage open source risk as part of an integrated and comprehensive security program
SAN FRANCISCO, Calif. and FULTON, Md. – February 26, 2019 – Today, Sonatype, the leader in automated open source governance and Kenna Security, a leader in predictive cyber risk, announced a strategic partnership to enhance the risk-based vulnerability management strategies of modern enterprises with best-in-class intelligence on open source components.
Fulton, MD – January 29, 2019 -- Sonatype, the leader in automated open source governance and application security, today announced that Equifax Inc. (NYSE: EFX) has selected Sonatype’s Nexus platform to intelligently manage and monitor the use of open source libraries across its application portfolio. The selection was made following a competitive review.