Fulton, Md. – November 13, 2024 – Sonatype®, the end-to-end software supply chain security platform, is pleased to announce that it has been named a Leader in The Forrester Wave™: Software Composition Analysis Software, Q4 2024 report. Forrester identified, researched and evaluated 10 top SCA software providers, and Sonatype received the highest possible marks in criteria including malicious package detection, SBOM generation, export and sharing, SBOM ingestion and analysis, policy management, and AI component analysis, along with seven others.
“Sonatype is a trailblazer for detection of inner-source and associated transitive dependencies to efficiently manage internal shared components,” according to the Forrester report. “Sonatype’s vision of blocking software supply chain attacks at the network firewall and endpoint protection systems is revolutionary… Sonatype is an excellent choice for enterprises looking to manage dependency, license, operational, and malicious package risk across the portfolio.”
Sonatype has redefined Software Composition Analysis (SCA) by combining enterprise-grade SCA tools with Nexus Repository, open source malware protection, automated dependency management and SBOM management to provide the industry’s only end-to-end software supply chain management platform. Its 2024 State of the Software Supply Chain® Report found that 80% of application dependencies remain un-upgraded for over a year. Sonatype offers enterprises a better way to do SCA, with automated policy enforcement and fixes at each software development lifecycle (SDLC) stage for vulnerability, license, and open-source health conditions.
“With the scale of open source and AI accelerating software development, managing dependencies and risk becomes exponentially more difficult. This is why Sonatype’s approach to SCA with automated dependency management is so powerful, helping enterprises speed up software development while managing risks effectively,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “We believe our continued innovation has led to this recognition. We are delighted to be named a Leader in SCA software by Forrester, which to us recognizes our vision and unwavering commitment to helping customers secure their software supply chains.”
The report also recognized Sonatype with the highest possible scores in the vision and roadmap criteria, noting “The stellar roadmap includes SBOM sharing, regulation-specific templates, SBOM and supplier quality scoring, AI/ML supply chain coverage, and AI BOM management.”
To learn more about Sonatype, visit www.sonatype.com. Access The Forrester Wave™: Software Composition Analysis Software, Q4 2024 here.
Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution by combining the only proactive protection against malicious open source, the only enterprise-grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale. As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers rely on Sonatype to optimize their software supply chains. To learn more about Sonatype, please visit www.sonatype.com.