Sonatype Unveils Full-Spectrum Software Supply Chain Management Platform | Sonatype

Company dramatically expands portfolio with new developer-first features, the acquisition of MuseDev, and launch of its Nexus Container and Infrastructure as Code Pack

Fulton, MD – Tuesday, March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled the next-generation Nexus platform offering customers full-spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code. 

“As software development teams race forward to deliver new digital innovations, software supply chain management and security has been ushered to center stage,” says Wayne Jackson, CEO, Sonatype. “Over the past six months, we’ve been working hard to expand our Nexus platform to deliver full-spectrum support to all application building blocks — not just open source — and truly enable developer productivity. As developers take on more responsibility for containers, code, and infrastructure, our mission is to make their lives easier while they make great software.”

The expansion comes amid continued record growth for Sonatype including a 118% rise in ARR from 2018-2020. The company now counts 70% of the Fortune 100 as customers and supports more than 2,000 commercial engineering teams. Further, in 2020 Sonatype experienced 35% annual growth in Nexus Repository installs, which now total more than 250,000 instances. Today, the combination of Sonatype’s commercial and open source tools are trusted by nearly 15 million developers around the world. 

Software Supply Chain Management: A Developer Friendly and Full-Spectrum Approach

Building upon the world’s most popular artifact repository — Nexus Repository — and its best-in-class software composition analysis duo — Nexus Lifecycle and Nexus Firewall, the company is delivering the world’s first developer-friendly and full-spectrum platform for strengthening cloud-native software supply chains with:

• Muse: A cloud-native source code analysis solution helping developers catch and fix performance, reliability, and security bugs during code review. Muse delivers 24 pre-configured code analyzers to automatically assess each developer pull request and then report any bugs as comments in code review. Full details on Sonatype’s acquisition of Muse are available here.
• Nexus Container:  A developer-friendly container security solution providing continuous visibility into the composition, and management of, containers from development, to delivery, to run time. Nexus Container, powered by NeuVector, also protects organizations from new open source zero-day vulnerabilities (e.g. Apache Struts, OpenSSL) using an innovative Layer7 firewall to virtually patch containers in the wild, which buys the development team valuable time as they work to patch the application in code.
• Infrastructure as Code Pack: The Infrastructure as Code Pack delivers out-of-the-box guidance to assist developers configuring cloud infrastructure and foster compliance with privacy and security standards (e.g., CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, SOC 2). Integrated with Nexus Lifecycle, the pack will make it possible for developers to find and easily fix misconfigurations in Terraform plans before they are applied to production infrastructure. To ensure continuous IaC compliance in production environments leveraging the same policy sets, Sonatype announced a strategic partnership with Fugue.
• Advanced Legal Pack: The forthcoming Advanced Legal Pack will improve visibility into open source license obligation for software development and legal teams. The pack is expected to significantly reduce the time spent reviewing each new application release, ensuring development velocity is not hampered as the use of open source components continues to grow exponentially.
• Nexus Community:  As part of Sonatype’s unwavering commitment to the open source and developer communities, we’ve created advanced migration support for open source projects scrambling to find homes on the heels of Bintray and JCenter sunsetting. Open source projects can easily migrate their packages to a free Nexus Repository instance and/or Maven Central host.
  
  As an added bonus to community members, Sonatype recently upgraded its free security analysis report — making it available to any open source project hosting code on Maven Central as part of its OSSRH service.  This migration support aims to ensure developers experience no downtime or build delays for their software supply chains that rely on public code repositories.

These newly announced offerings come on the heels of Sonatype’s recently released Advanced Development Pack that delivers a real-time rating system to help developers select the best open source component suppliers and reduce variability in version choices. Backed by Nexus Intelligence, it also boosts visibility to early-stage software supply chain attacks and alerts development teams to the new adversarial threats.

“With high profile attacks on software supply chains making headlines the world over, enterprises are moving to harden their development infrastructure against attackers. As important as the task is, however, technology leaders don’t want to solve this problem with a complicated patchwork quilt of services, solutions and providers - they want an integrated, end to end solution,” said Stephen O’Grady, Principal Analyst with RedMonk. “This is precisely the opportunity that Sonatype is targeting with its full-spectrum approach.”

Additional Resources:

• Read the latest blog from Sonatype’s co-founder and CTO, Brian Fox
• Read more about Sonatype’s Acquisition of MuseDev
• Learn more about Nexus Container
• Learn more about the Infrastructure as Code Pack for Nexus Lifecycle

About Sonatype:

Sonatype is the leader in developer-friendly, full-spectrum software supply chain management providing organizations total control of their cloud-native development lifecycles, including third-party open source code, first-party source code, infrastructure as code, and containerized code. The company supports 70% of the Fortune 100 and its commercial and open source tools are trusted by 15 million developers around the world. With a vision to transform the way the world innovates, Sonatype helps organizations of all sizes build higher quality software that's more aligned with business needs, more maintainable, and more secure. 

Sonatype has been recognized by Fast Company as one of the Best Workplaces for Innovators in the world, two years in a row and has been named to the Deloitte Technology Fast 500 and Inc. 5000 list for the past five years. For more information, please visit Sonatype.com, or connect with us on Facebook, X, or LinkedIn.