Security you can trust

Trust Through Transparency and Accountability

A Sonatype Core Value

Trust is foundational to the success of our business. Trust = Transparency + Accountability. We strive for transparency through clear communication across functions and levels. We hold ourselves accountable for the promise we make to our employees, investors, and customers.

To earn your trust, we share our security and compliance programs with you. We continuously evolve with the ever-changing world around us to safely manage the confidentiality, integrity, and availability of not only Sonatype's but also the customers' data and services that we manage.


PRIVACY & DATA PROTECTION

At Sonatype, we respect the privacy rights of our online visitors and recognize the importance of protecting the information we collect about you. Our Privacy Policy is designed to help you understand how we collect and use the personal information you decide to share. It also describes your data protection rights, including a right to object to some of the processing which Sonatype carries out.

purple-icon-analyze code@4x 1

REPORT A VULNERABILITY

Sonatype has a Bug Bounty program that lets you report security issues for a potential reward. Rewards are based on the severity of the finding and its impact on the organization. Even if a report does not qualify for a bounty, it may still qualify for company swag. Let's work together to help secure Sonatype's products and services while earning some extra cash and/or swag!

SECURITY

Sonatype’s mission is to empower your software development teams with precise open source intelligence and to help you avoid flawed open source libraries that could increase risk as you create and maintain software. We’re committed to being transparent about our security practices and helping you understand our approach.

Our Information Security Program is based on ISO 27000 and NIST standards and is constantly evolving with updated guidance and new industry best practices.

CERTIFICATIONS & COMPLIANCE

At Sonatype, team members from all parts of the company own and drive our compliance initiatives. We have crafted and implemented a variety of compliance policies that secure our applications, infrastructure, data, and organization. Contact us for our compliance policies and annual certifications from independent auditors.

SOC report: available upon request


DATA MANAGEMENT

Sonatype's Information Classification Policy establishes a framework for classifying information based on its sensitivity, value, and criticality to Sonatype, so that sensitive corporate and customer information can be secured appropriately.

DATA REQUEST

Transparency is key to earning trust. Contact us to see how Sonatype responds to law enforcement requests for data and reports of abuse to our networks and services.

Need more information about any of these topics?