Press Releases

The latest scoop on Sonatype.

Sonatype Exceeds $100M in ARR, Names First President as Demand for Software Supply Chain Management Soars

  • Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 2022
  • Company growth showcases importance of intelligent, full-spectrum software supply chain management for both developers and security teams 

January 27, 2021 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, today announced it has joined the ranks of the world’s most successful companies and surpassed $100 million in annual recurring revenue (ARR). The company also announced the appointment of Alex Berry as its first president, further positioning Sonatype to play a pivotal role in the booming global software development market. 

Critical Log4j Vulnerability Still Being Downloaded 40% of the Time, Sonatype Research Reveals in New Resource Center

Sonatype’s free scanning and analysis tools allow developers to quickly detect and remediate Log4j vulnerabilities

Fulton, MD – December 22, 2022 – The Log4j open source component has been downloaded nearly five million times since a critical vulnerability was first discovered in it on December 10th. However, 40% of those downloads are still of the known critically vulnerable versions, according to new data released by Sonatype, the pioneer in intelligent and secure software supply chain automation. 

Sonatype Expands Support for Open Source Communities with Key Partnerships

Company joins the Open Source Security Foundation and OpenChain Project, sponsors Python Software Foundation  

October05, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today announced three partnerships with important open source community foundations and projects as part of its ongoing mission to give back, support, and help protect open source ecosystems. 

Open Source Continues to Fuel Digital Transformation, Sonatype's 2021 Software Supply Chain Report Reveals Important Trends

Developer Demand for Open Source Increased 73% Year over Year; 29% of Popular Project Releases Are Vulnerable, Highlighting the Critical Need for Automated Dependency Management

September 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today released its seventh annual State of the Software Supply Chain Report that reveals continued strong growth in open source supply and demand dynamics.  Further, with regard to open source security risks, the report found a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. This year’s research also presents innovative empirical metrics that can be used to identify exemplary projects, and data-driven guidance to help software engineering teams optimize decisions on when, and when not to, update to new versions of open source libraries.  Finally, based on survey responses collected from 702 software engineering professionals, the research observes a fundamental disconnect between people’s subjective beliefs about software chain management practices, and objective results as measured across 100,000 applications.

Sonatype Launches Novel Deep Code Analysis Platform Designed for Developers

The cloud-native platform, Sonatype Lift, enables developers to find and fix performance, reliability, and security bugs by automatically analyzing pull requests and delivering results as comments in code review.

June 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Finalists Announced for Inaugural Sonatype Elevate Awards

Awards celebrate bold innovators and fearless experimenters transforming software supply chain management and delivering stunning successes with remarkable results. Winners to be announced on June 17 at ELEVATE 2021, Sonaype’s User Conference 

June 10, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the list of Sonatype Elevate Awards finalists. The software development life cycle (SDLC) and its associated software supply chain is the driving engine for innovation for enterprises, nonprofits, and government agencies across the globe. In its inaugural year, the Elevate Awards were created to recognize and celebrate the innovators powering this engine and serving as role models for the industry to learn from. 

Amazic Announces New Partnership With Sonatype to Bring More Enterprises Developer-Friendly, Full-Spectrum Software Supply Chain Automation and Security

AMSTERDAM - June 10, 2021 - Amazic Distribution, one of EMEA’s largest trusted suppliers and solution advisors for partners, individuals and many of the world’s largest organisations, today announced a strategic partnership with Sonatype, the leader in developer-friendly tools for software supply chain automation and security.

Sonatype Embraces CycloneDX Standard for Integrating Software Bills of Materials (SBOMs)

CycloneDX API Creates Standardized Way to Integrate and Share SBOMs

May 13, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its support for the CycloneDX Software Bill of Materials (SBOM) standard, a lightweight specification designed for use in application security and software supply chain contexts.  Sonatype is proud to have assisted CycloneDX project organizers in defining the software industry’s first standard for automated SBOM data exchange.  Furthermore, Sonatype has utilized the CycloneDX standard to create an API that provides third-parties with an easy way to integrate and share SBOMs between Sonatype products and other systems.

Sonatype Helps Organizations Manage Open Source License Obligations and Speed up Legal Compliance with New Tool

The Advanced Legal Pack mitigates license risk through automation, providing a more efficient way to collect, compile, report, and remediate open source legal obligations

May 4, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times. 

Sonatype’s Channel Partner Program Experiences Triple Digital Growth in EMEA For the Second Year Running

Channel-first strategy, including investment in strategic hires, tooling and infrastructure dramatically increases revenue and market penetration across the region

100 people added to EMEA partner programme in the last 12 months alone, with further growth planned for 2021

March 30, 2021 -- LONDON -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its EMEA partner program saw a 200% revenue increase in 2020. In a year that tested business strategies around the world, Sonatype’s channel-first approach propelled the company’s success as organizations continued to recognize the business-critical role of managing third-party open source and software supply chains.