Communiqués

Sonatype’s free scanning and analysis tools allow developers to quickly detect and remediate Log4j vulnerabilities

Company joins the Open Source Security Foundation and OpenChain Project, sponsors Python Software Foundation  

October05, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today announced three partnerships with important open source community foundations and projects as part of its ongoing mission to give back, support, and help protect open source ecosystems. 

Developer Demand for Open Source Increased 73% Year over Year; 29% of Popular Project Releases Are Vulnerable, Highlighting the Critical Need for Automated Dependency Management

September 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today released its seventh annual State of the Software Supply Chain Report that reveals continued strong growth in open source supply and demand dynamics.  Further, with regard to open source security risks, the report found a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. This year’s research also presents innovative empirical metrics that can be used to identify exemplary projects, and data-driven guidance to help software engineering teams optimize decisions on when, and when not to, update to new versions of open source libraries.  Finally, based on survey responses collected from 702 software engineering professionals, the research observes a fundamental disconnect between people’s subjective beliefs about software chain management practices, and objective results as measured across 100,000 applications.

The cloud-native platform, Sonatype Lift, enables developers to find and fix performance, reliability, and security bugs by automatically analyzing pull requests and delivering results as comments in code review.

June 15, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today unveils Sonatype Lift (Lift), a first-of-its-kind, cloud-native, deep code analysis platform. Lift installs easily on any source repository in minutes and provides developer-friendly feedback on a wide range of bug types, ranging from lightweight style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Awards celebrate bold innovators and fearless experimenters transforming software supply chain management and delivering stunning successes with remarkable results. Winners to be announced on June 17 at ELEVATE 2021, Sonaype’s User Conference 

June 10, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the list of Sonatype Elevate Awards finalists. The software development life cycle (SDLC) and its associated software supply chain is the driving engine for innovation for enterprises, nonprofits, and government agencies across the globe. In its inaugural year, the Elevate Awards were created to recognize and celebrate the innovators powering this engine and serving as role models for the industry to learn from. 

AMSTERDAM - June 10, 2021 - Amazic Distribution, one of EMEA’s largest trusted suppliers and solution advisors for partners, individuals and many of the world’s largest organisations, today announced a strategic partnership with Sonatype, the leader in developer-friendly tools for software supply chain automation and security.

CycloneDX API Creates Standardized Way to Integrate and Share SBOMs

May 13, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its support for the CycloneDX Software Bill of Materials (SBOM) standard, a lightweight specification designed for use in application security and software supply chain contexts.  Sonatype is proud to have assisted CycloneDX project organizers in defining the software industry’s first standard for automated SBOM data exchange.  Furthermore, Sonatype has utilized the CycloneDX standard to create an API that provides third-parties with an easy way to integrate and share SBOMs between Sonatype products and other systems.

The Advanced Legal Pack mitigates license risk through automation, providing a more efficient way to collect, compile, report, and remediate open source legal obligations

May 4, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times. 

Channel-first strategy, including investment in strategic hires, tooling and infrastructure dramatically increases revenue and market penetration across the region

100 people added to EMEA partner programme in the last 12 months alone, with further growth planned for 2021

March 30, 2021 -- LONDON -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its EMEA partner program saw a 200% revenue increase in 2020. In a year that tested business strategies around the world, Sonatype’s channel-first approach propelled the company’s success as organizations continued to recognize the business-critical role of managing third-party open source and software supply chains. 

Company dramatically expands portfolio with new developer-first features, the acquisition of MuseDev, and launch of its Nexus Container and Infrastructure as Code Pack

Fulton, MD – Tuesday, March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code.