About Sonatype

The leader in software supply chain management.

Sonatype has a long history of accelerating open source usage. As the stewards of the Central Repository, the creators of the Apache Maven project and the distributors of the Nexus open source repository manager, Sonatype has supported the adoption of open source by more than 10 million developers worldwide.

Today, Nexus repository managers are preferred 5:1 over all other brands with more than 50,000 instances worldwide. Nexus Lifecycle (formerly Component Lifecycle Management) has fast become the “go-to” choice for mitigating open source risk by providing continuous governance across the software supply chain.

100% of the top credit card companies, 80% of the top financial companies and 75% of the top IT manufacturers are Sonatype customers.

Deliver better software, even faster.

Much like a traditional “supply chain” is used to manufacture products, today’s software is built with a supply chain of components from all over the globe, most of which are open source. The challenge is knowing which components you are using, where they are used and which ones have security vulnerabilities, license or quality issues.

Sonatype delivers a patented method for providing accurate, real-time data on component vulnerabilities, which is then integrated into the tools development professionals use every day. By seeing clearly and acting quickly, open source risk is easily avoided across the entire software lifecycle with comparatively low cost and effort. Crisp, clean dashboard views satisfy the varied needs of application developers, architects, DevOps as well as security and legal staff.

The urgent need for software supply chain management and the value that Sonatype provides has been recognized by influential media such as The Wall Street Journal, Forbes, and The New York Times as well as industry publications including CIO, CSO, Wired, and Tech Crunch.

Get a glimpse of the software supply chain challenge and opportunity in this white paper.

The stats in support of software supply chain management

Managing risk and achieving efficiency in the software supply chain is incredibly important because:

  • Open source usage is exploding. 17.2B downloads in 2014.
  • 80-90% of the typical application consists of open source or 3rd party components
  • Only 57% of organizations have policies governing open source usage and 29% of those policies don’t address security
  • 71% of all applications contain at least one critical flaw in at least one component
  • Nearly 2/3 of organizations don’t know which components are used in their applications
  • 60% of developers aren’t concerned about security
  • One year after a security alert: 6,916 organizations downloaded a high-risk component 66,284 times. (And this is true of many components!)
  • Over the past few years, more than 5,000 security vulnerabilities have been found in open source code, according to the National Vulnerability Database.
  • Less than 1 percent of security budgets are spent on application security
  • 90% of cyber attacks are focused on applications

View the infographic.

Sources: Ponemon Institute, Verizon 2013 Data Breach Investigations Report, Open Source Developer Survey, and Sonatype Application Health Check


Take the Tour

Nexus repository managers enable development teams to enjoy the benefits of agile component-based development in a streamlined and structured environment.
Nexus Firewall, Nexus Lifecycle and Nexus Auditor provide a new way to identify, manage and monitor every component and its dependencies throughout various stages of the software life cycle. These solutions enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.

Get Started with Sonatype. Learn more.