Press Releases

The latest scoop on Sonatype.

Open Source Malware Reaches More Than 778,500 Packages, According to Sonatype Researchers

New research examines growth in open source malware attacks, most prevalent against software developers at government and financial institutions

Sonatype Announces Integration with Buy with AWS, Offering Simplified Procurement for AWS Customers on Marketplace

Fulton, MD — December 5, 2024 — Sonatype®, the end-to-end software supply chain security platform, today announced its integration with Buy with AWS, a new feature now available through AWS Marketplace. AWS Marketplace is a digital store that makes it easy for customers to find, buy, deploy, and manage software and services from Amazon Web Services (AWS) Partners. By implementing Buy with AWS, Sonatype now provides simplified software buying experiences for customers on its website, powered by AWS Marketplace.

Enterprises are now able to request a private offer via AWS directly on Sonatype’s website to help speed up development of innovative software while mitigating risk and protecting against security threats. With Sonatype Repository Firewall, Sonatype Nexus Repository, Sonatype Lifecycle, and Sonatype SBOM Manager available on AWS, even more organizations can easily rely on Sonatype’s industry-leading tools and guidance to be ambitious, move fast and do it securely.

Sonatype and OpenText Partner to Provide Integrated Vulnerability Management Platform for Open Source and Custom Code

Bringing together best-in-class SCA, SAST, and DAST solutions to deliver holistic view of application security

Fulton, Md. – November 20, 2024 – Sonatype®, the end-to-end software supply chain security platform, and OpenText™ (NASDAQ: OTEX) are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever. Together, Sonatype’s industry-leading Software Composition Analysis (SCA) solutions and Static and Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer a comprehensive, integrated security solution spanning the entire software development lifecycle.

Sonatype Named a Leader in Software Composition Analysis (SCA) Software Report by Independent Research Firm

Sonatype receives highest scores in both current offering and strategy categories among top SCA software vendors

Fulton, Md. – November 13, 2024 – Sonatype®, the end-to-end software supply chain security platform, is pleased to announce that it has been named a Leader in The Forrester Wave™: Software Composition Analysis Software, Q4 2024 report. Forrester identified, researched and evaluated 10 top SCA software providers and Sonatype received the highest possible marks in criteria including malicious package detection, SBOM generation, export and sharing, SBOM ingestion and analysis, policy management, and AI component analysis, along with seven others.

Sonatype Announces 2024 Elevate Awards Winners

Recognized 9 global organizations pioneering software supply chain security 

Fulton, Md. – October 28, 2024 – Sonatype®, the end-to-end software supply chain security platform, today announced the winners of the 2024 Elevate Awards, which recognize global leaders and their teams for exemplary collaboration to advance software innovation, and deliver enhancements to reduce open source risk and expedite developer productivity.

Sonatype’s 10th Annual State of the Software Supply Chain Report Reveals 156% Surge in Open Source Malware

A record-breaking year for open source consumption as downloads hit 6.6 trillion, amplifying software supply chain risk

Fulton, Md. – October 10, 2024 – Sonatype®, the end-to-end software supply chain security platform, today released its 10th Annual State of the Software Supply Chain® Report. Sonatype was first to define this market and consistently provides year-over-year analyses of open source consumption data. Sharing these unparalleled insights over the past decade has expedited innovation in software development, as well as propelled Sonatype’s success in bringing industry-first solutions to market.

Sonatype Achieves AWS Security Competency Status

Fulton, Md. – October 1, 2024 – Sonatype, the end-to-end software supply chain security platform, today announced it has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Sonatype has demonstrated expertise in delivering comprehensive security solutions for modern software development that help customers achieve their cloud security goals.

Sonatype Names Finalists for 2024 Elevate Awards

Global Organizations Recognized for Software Supply Chain Innovation and Impact

Sonatype Named to JMP Securities’ 2018 Hot 100 List

Fulton, MD – August 3, 2018 -- Sonatype, the leader in automated open source governance, today announced it has been named to the JMP Securities’ Hot 100 list of the hottest privately held software companies for 2018. Compiled annually by JMP, the list profiles the top 100 private companies based on multiple criteria including financial growth, products and services, quality of leadership team and market potential. This is the third time Sonatype has been named to the list.

Sonatype Launches New and Enhanced Open Source Software Index, Delivering Free Open Source Vulnerability Data to Millions of Developers

The newly improved Index is designed to easily integrate with developer tools like Maven Enforcer Plugin and OWASP Dependency Check

Fulton, MD – July 25, 2018 -- Sonatype, the leader in automated open source governance, today announced a revamped and modernized OSS Index to provide developers with free and easily accessible information on known open source vulnerabilities. The Index provides multi-language support, easy implementation through a REST API and native integrations with Maven Enforcer Plugin and OWASP Dependency Check.