Profile

Software development is evolving. 90% of modern applications use open source code, and for good reason—speed. But when open source components go unmaintained, they become liabilities that leave organizations open to security and licensing risks.

Recognized by globally renowned analysts as an industry leader, Sonatype enables speed and security in open source development, allowing organizations to innovate faster and at scale in a highly competitive market. The Sonatype Platform gives organizations total control of their SDLC for more confidence in every piece of open source code, source code, and containerized code. It unites software developers, application security professionals, engineering leaders, and legal teams to manage their open source components safely so that they can focus on innovation. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers rely on Sonatype’s tools and guidance to be ambitious, move fast and do it securely.

Key Products

The Sonatype Platform: 

• Sonatype Repository Firewall – block malicious open source at the door (Read).


• Sonatype Nexus Repository – Manage components, binaries and build artifacts across your entire software supply chain (Read).


• Sonatype Lifecycle – Automatically find and fix open source vulnerabilities across the SDLC (Read).

Customer Insights

Sonatype Customers Say It Best. Real stories from real innovators here.

Key Executives

E. Wayne Jackson III, Chief Executive Officer

Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of 2000. Wayne holds a B.B.S in Finance from James Madison University, 1985, and has completed the Executive Education program for Corporate Governance at Harvard University.

Alexander Berry, President 

Alexander (Alex) Berry is a result driven President/COO/CRO/GM who excels in transforming businesses from start-up to Fortune 500 companies. Alex currently serves as President of Sonatype where he is responsible for all day-to-day operations and GTM functions. Prior to Sonatype, he was the Chief Revenue Officer for Vector Solutions and before this, he was the EVP/GM of the Public Sector and Education business units for Vector Solutions. Vector Solutions was privately held by Golden Gate Capital and had a significant sale to Genstar Capital. Before joining Vector Solutions, Berry was the COO and President for Syniti (PE backed by Goldman Sachs), which he and the management team sold to Bridge Growth Partners.

Brian Fox, Chief Technology Officer

Co-founder and CTO of Sonatype, Brian Fox is a Governing Board member for the Open Source Security Foundation (OpenSSF), a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin, he has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events, including Java User Groups and other development-related conferences.

Investors

In 2019, global investment firm Vista Equity Partners announced it had acquired a majority share of Sonatype.

Key Milestones

• 2001: Sonatype begins as a project by core contributors to Apache Maven, a platform for building Java-based projects. 


• 2008: Sonatype takes on running The Central Repository, the worlds’ largest repository of open source components. 


• 2009: Sonatype launches Nexus Pro (later to become Sonatype Nexus Repository), a solution for managing open source libraries, and the first piece to holistic software supply chain management. 


• 2013: Sonatype is the first to recognize poor quality open source code as a software supply chain problem. Sonatype launches Sonatype Lifecycle to automate open source policy across the entire SDLC. 


• 2016: Sonatype launches Sonatype Repository Firewall, the first solution to apply controls to inbound components, blocking malicious code at the door. 


• 2021: Sonatype surpasses $100 million in annual recurring revenue (ARR) and acquires MuseDev, an innovative code analysis platform. 


• 2023: Today, Sonatype’s developer-friendly software supply chain management platform helps more than 2,000 organizations and 15 million software developers.

News and Press Releases

Learn the latest about Sonatype. Explore their announcements, press coverage, brand assets, and more here.