Communiqués

CycloneDX API Creates Standardized Way to Integrate and Share SBOMs

May 13, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its support for the CycloneDX Software Bill of Materials (SBOM) standard, a lightweight specification designed for use in application security and software supply chain contexts.  Sonatype is proud to have assisted CycloneDX project organizers in defining the software industry’s first standard for automated SBOM data exchange.  Furthermore, Sonatype has utilized the CycloneDX standard to create an API that provides third-parties with an easy way to integrate and share SBOMs between Sonatype products and other systems.

The Advanced Legal Pack mitigates license risk through automation, providing a more efficient way to collect, compile, report, and remediate open source legal obligations

May 4, 2021 -- Fulton, Md. -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Advanced Legal Pack which fundamentally changes how both legal teams and developers manage open source licenses and compliance. Using machine learning and artificial intelligence, the pack automates open source license compliance eliminating manual work, drastically improving team productivity, and expediting development innovation and release times. 

Channel-first strategy, including investment in strategic hires, tooling and infrastructure dramatically increases revenue and market penetration across the region

100 people added to EMEA partner programme in the last 12 months alone, with further growth planned for 2021

March 30, 2021 -- LONDON -- Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced its EMEA partner program saw a 200% revenue increase in 2020. In a year that tested business strategies around the world, Sonatype’s channel-first approach propelled the company’s success as organizations continued to recognize the business-critical role of managing third-party open source and software supply chains. 

Company dramatically expands portfolio with new developer-first features, the acquisition of MuseDev, and launch of its Nexus Container and Infrastructure as Code Pack

Fulton, MD – Tuesday, March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code. 

Acquisition Pairs Developer-Friendly Source Code Analysis with Full-Spectrum Software Supply Chain Management

Fulton, MD – Tuesday, March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced the acquisition of MuseDev, an innovative code analysis platform. MuseDev’s core offering automatically analyzes and provides uniquely accurate feedback on each developer pull request, making it easy to find and fix critical security, performance, and reliability bugs during code review. 

New Infrastructure as Code Pack for Nexus Lifecycle brings developer-friendly cloud and open source security together in one place.

Fulton, MD — March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Infrastructure as Code (IaC) Pack for Nexus Lifecycle, making it easy for developers to configure infrastructure as code without worrying about common security mistakes.

Powered by NeuVector, Nexus Container provides developer-friendly security and continuous visibility into the composition, and management of containers.

Fulton, Md. – March 16, 2021 –  Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced Nexus Container, powered by NeuVector. Nexus Container is a Kubernetes-native, full life cycle container security solution that secures containerized applications from development to production. 

MOSCOW -- February 25, 2021 - Swordfish Security, a leader in Russian application security and enterprise digital transformation projects, today announced it secured its dedicated Platinum Partner Certification with Sonatype, the leader in open source governance and DevSecOps automation.

DUBAI, UAE, Feb. 18, 2021 -- Bahwan CyberTek (BCT), a global leader in digital transformation, announced a strategic partnership with Sonatype, a leading player in open source governance and DevSecOps automation, to help customers mitigate risks at every stage of their software development lifecycle (SDLC). BCT will leverage Sonatype's Nexus platform, to help its customers build open source risk policies and effectively mitigate such risks.

Wiesbaden, Germany – January 19, 2021 - Sonatype, a leader in open source security and license compliance management, announced today a partnership with SVA, one of Germany’s leading system integrators, to help enterprise customers easily detect open source vulnerabilities that already exist or are actively being ingested into their repositories.