We humbly declare today, February 3rd, World Open Source Day.
Why? The roots of Sonatype lie firmly in open source: the company was originally founded to help other companies adopt a new technology - Apache Maven. From a single server under the desk and a whiteboard, Maven has grown into a technology used every day by over 15 million developers, and its central dependency ecosystem, The Central Repository, sees over 425 billion downloads annually. Similarly, we as a company have mirrored this growth and matured into a $100M ARR Unicorn - with a platform that helps customers adopt open source efficiently across dozens of languages.
Open source is the secret sauce that powers technology as we know it today. Without it, the internet would not run, Teslas would not start, and no information systems would boot up. Every company in the world has, knowingly or not, become an adopter of it. Accordingly, building the muscle of being good at adopting, managing and removing open source packages helps companies take the next step in productivity, security and DevOps adoption. Our aim has always been to help developers do the right thing without discouraging them from embracing open source technology by means of arbitrary inspection or poor process.
As we set our sights on our future growth, it’s important we acknowledge the deep roots in open source that brought us here. By recognizing February 3rd as World Open Source Day, we want to help everyone give back to the other teams that gave the world so much from their offices and whiteboards, and to help give that little boost to a small project that might end up changing the world all over again in 10 years’ time.
What We’re Doing
We’re celebrating February 3rd, the day the term ‘Open Source’ was first coined, as World Open Source Day here at Sonatype by recognizing our incredible maintainers and contributors, the open source projects we support, and the free and open source projects that Sonatype offers developers to improve their software delivery.
On this day, we are encouraging our employees to contribute to open source projects we rely on. We are especially interested in helping all Sonatypians become a part of the global open source community, and will support first-time contributors on their open source journey. We’re also encouraging our non-technical employees to get involved, educated and excited about the wide community of open source out there.
Objectives of World Open Source Day
- Open Source Education for both technical and non-technical Sonatypians on how they can make meaningful first-time contributions to public projects
- Highlight Our Maintainers and the incredible work being done at Sonatype across several major open source projects
- Centralise support of ongoing open source projects that are developed at Sonatype
- Expand community of open source engagement to new projects
Open Source Projects Developed at Sonatype and supported by Community
- Nexus Community: Community projects meant for the Sonatype Nexus Platform. Affiliated with Sonatype, but inclusive of the work our global contributor community has done!
- Open Source Software Index Integrations: Our OSSI integrations allow developers to scan projects for open source vulnerabilities and build security into their development toolchain with native tools and integrations. The following scan tools all utilize the OSS Index public REST API
Meet Sonatype Maintainers
External Open Source Projects Sonatype helps Maintain
- CycloneDX: OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis
- Apache Maven: software project management and comprehension tool
- Modello: Data Model toolkit in use by the Maven 2 Project
Work we do to keep the world of open source safe
- Free Security Scanning for all Central Contributors
- Log4j Dashboard with real-time updates
- HackerOne & Sonatype - Central Security Project
- Search.maven.org and its security ratings
- State of the Software Supply Chain report
- Sponsoring the Python Software Foundation
- Helping disclose tens of thousands of vulnerabilities found in open source packages across all ecosystems
It is our hope that by setting an example as a company and truly acting according to our values, we can do our part in helping improve the open source supply chain for every developer in the world. Open source has revolutionized the world as we know it, and there are no signs it’ll stop anytime soon.
Please join us today by appreciating the world of open source and its maintainers. We’d love to get the world involved and make World Open Source Day a lasting celebration!