Communiqués

New Data Underscores Critical Need for Early Defense Against Malicious Code

Sonatype’s Nexus Lifecycle Leverages Red Hat OpenShift Operator Certification, Provides Software Bill of Materials Visibility

Company Bolsters Leadership with First-Ever CPDO Position

Company announces the appointment of Larry Quinlan to its Board of Directors, Steve Levitt as Chief Revenue Officer, and Exceeds H1 Financial Goals

InnerSource Insight makes it easier and safer for developers to use software components created by others within their organization as part of their Software Supply Chain

Company Bolsters Leadership Team After Surpassing $100 M ARR Milestone, Further Accelerating Global Expansion as Organizations Increasingly Turn to Sonatype to Understand and Secure their Software Supply Chains 

April 19, 2022 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced another quarter of extraordinary growth. It follows the milestone of exceeding $100 million in annual recurring revenue in 2021. The company continues to build for the future by expanding its senior management team with the appointment of Bruce Gordon to Senior Vice President, Global Channel Sales & Alliances and the promotion of Katy Hiller to Senior Vice President, Global Marketing. 

• Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 2022
• Company growth showcases importance of intelligent, full-spectrum software supply chain management for both developers and security teams 

January 27, 2021 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced it has joined the ranks of the world’s most successful companies and surpassed $100 million in annual recurring revenue (ARR). The company also announced the appointment of Alex Berry as its first president, further positioning Sonatype to play a pivotal role in the booming global software development market. 

Sonatype’s free scanning and analysis tools allow developers to quickly detect and remediate Log4j vulnerabilities

Fulton, MD – December 22, 2022 – The Log4j open source component has been downloaded nearly five million times since a critical vulnerability was first discovered in it on December 10th. However, 40% of those downloads are still of the known critically vulnerable versions, according to new data released by Sonatype, the pioneer in intelligent and secure software supply chain automation. 

Company joins the Open Source Security Foundation and OpenChain Project, sponsors Python Software Foundation  

October05, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today announced three partnerships with important open source community foundations and projects as part of its ongoing mission to give back, support, and help protect open source ecosystems. 

Developer Demand for Open Source Increased 73% Year over Year; 29% of Popular Project Releases Are Vulnerable, Highlighting the Critical Need for Automated Dependency Management

September 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today released its seventh annual State of the Software Supply Chain Report that reveals continued strong growth in open source supply and demand dynamics.  Further, with regard to open source security risks, the report found a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. This year’s research also presents innovative empirical metrics that can be used to identify exemplary projects, and data-driven guidance to help software engineering teams optimize decisions on when, and when not to, update to new versions of open source libraries.  Finally, based on survey responses collected from 702 software engineering professionals, the research observes a fundamental disconnect between people’s subjective beliefs about software chain management practices, and objective results as measured across 100,000 applications.