2022 was an extraordinary year at Sonatype. We worked at the White House with our peers to decide the best path for securing open source software (OSS) against continuously evolving supply chain attacks. And closer to home, we were proud to launch new culture programs to recognize and reward our employees.
We had a lot to celebrate, so let’s look at a few highlights.
Evolving the Sonatype Platform
As an industry pioneer and the inventor of componentized software development, Sonatype continually pushes the boundaries of what’s possible in open source security and software supply chain management. This year, we introduced several new product and platform updates to help keep our customers ahead of the curve, including:
- Launching InnerSource Insight, an industry-first capability within Nexus Lifecycle that makes it easier and safer for developers to use components developed by others within their organization.
- Adding subdomain connectors for Docker users in Sonatype Nexus Repository Pro to improve ease of use and administration.
- Extending Nexus Firewall’s automated malware and early warning detection to the Python ecosystem.
- Enabling broad sharing of vulnerability reports, with detailed component pages including insights about package usage and severity, available to your extended team without a Nexus login.
- Improving Nexus Firewall’s detection and blocking of hidden text encoding attacks and other malicious components.
Blocking more malicious packages than ever
Sonatype’s industry-leading Nexus Firewall achieved a new milestone in 2022: discovering and blocking over 103,000 total malicious packages from being downloaded into open source repositories. Using next-generation, proprietary behavioral analysis and automated policy enforcement, Firewall identified more than 36,100 newly published packages as malicious in the past year alone. Sonatype’s repository Firewall is the only solution to detect and block malicious and suspicious open source components from entering the software development life cycle (SDLC), stopping known and unknown open source risk from being downloaded.
Strengthening old partnerships and building new ones
We also focused on relationship-building, furthering our 255-member partnership program and integrations to provide the most comprehensive security solutions possible. In August, we announced Nexus Lifecycle’s Red Hat OpenShift Operator Certification, giving Red Hat OpenShift customers intelligent insight into their open source components. And in October, we expanded our strategic partnership with CyberRes to provide organizations with a complete open source and application security solution.
Expanding our team
In addition to an evolved platform, 2022 brought an evolved Sonatype team. To support our product development, company growth, and continued innovation, we added 308 new talented Sonatypers to our roster–nearly doubling our team's size in a year. We also bolstered our leadership team with several key hires and appointments, including:
- Mitchell Johnson as Chief Product Development Officer
- Steve Levitt as Chief Revenue Officer
- Katy Hiller, from Senior Vice President, Global Marketing to Chief Marketing Officer
- Bruce Gordon as Senior Vice President, Global Channel Sales & Alliances
- Kristin Davidson, from Vice President, Human Resources to Senior Vice President, Human Resources
- Tyler Warden as Senior Vice President, Product
- Larry Quinlan to the Board of Directors
To help welcome our newcomers, we hosted our first all-hands, in-person event in 2.5 years in San Francisco. More than 360 Sonatypers from around the globe (and almost 200 virtually) joined together to connect, strategize, give back to the community, and build a solid foundation for 2023.
Engaging with our communities
If it felt like Sonatype was everywhere, it’s because we were! 2022 was a standout year for event attendance and participation. We had a presence at 150+ global security, DevSecOps, developer, and AppSec gatherings, and established new community connections.
Security Slam, in partnership with The Cloud Native Computing Foundation (CNCF)
Another highlight was partnering with The Cloud Native Computing Foundation (CNCF) on an inaugural virtual Security Slam event. The event did two things. First, it brought together open source maintainers and contributors to improve the security posture of open source projects: a total of 13 open source software projects participated, and 11 raised their CLOMonitor Security score to 100%, leveraging CNCF tools to increase their open source security posture, awareness, and compliance. Second, it raised $27,500 for the CNCF Diversity Scholarship Fund, which helps underrepresented individuals become valuable members of the CNCF community.
As a mission-driven company, giving back and supporting our communities is embedded into everything we do. We offer all employees paid volunteer time off (VTO), which Sonatypers used this year to work their neighborhood polling places, volunteer at local surf lifesaving clubs, mentor high school students, volunteer with the American Red Cross, and more. We were also honored to support several organizations as a company, which included:
- Stuffing 175 teddy bears and cards for Abode Services.
- Supporting humanitarian efforts in Ukraine, raising and donating funds to UNICEF.
- Making 62 blankets for LifeMoves.
- Donating and delivering supplies to the Howard County Animal Control & Adoption Center.
- Stuffing and donating 100 backpacks with school supplies for Boys & Girls Club of San Francisco.
- Walking at the Making Strides Against Breast Cancer event in Baltimore, raising $7,400 for the American Cancer Society.
Topping off an already incredible year, Sonatype was recognized by eight organizations for its market leadership, product excellence, and innovative company culture. Sonatype’s 2022 accolades include:
- 2022 Frost & Sullivan Technology Innovation Leader Award: Sonatype earned Frost & Sullivan’s 2022 Global Technology Innovation Leadership Award in Development and Operations (DevOps) Security.
- NVTC 2022 Cyber Company of the Year: Sonatype was named Commercial Cyber Company of the Year and a Capital Cyber Award-winner by the Northern Virginia Technology Council (NVTC).
- 2022 Annual Peer Award: Sonatype’s Nexus Lifecycle won a PeerSpot Silver Peer Award as a leading Enterprise Technology solution in the Software Composition Analysis category.
- 2022 Best in Biz Award: Sonatype CEO Wayne Jackson was recognized as a Silver Winner in the Best in Biz Awards' Executive of the Year category.
- Tech Ascension Awards: Sonatype was named the Best DevOps Security Solution for Nexus Lifecycle and Nexus Firewall (Software Composition Analysis).
- BuiltIn Best Places to Work: Sonatype was named to the Washington DC 100 Best Places to Work list and Washington DC Best Midsize Places to Work list.
- Computing Technology Product Award: Sonatype was selected as a finalist in the Best Business Security Provider category of Computing’s Technology Product Awards.
- WashingtonExec Pinnacle Awards: Sonatype’s Michael Croll was selected as a finalist in the Software Supply Chain Executive category.
2022 was an incredible year of growth for Sonatype–none of which would be possible without the support of our exceptional employees, brilliant customers, and unparalleled community.
We’re looking forward to another year of industry-leading product development and continuing to provide our customers with top-tier support. We want to enable organizations everywhere to accelerate innovation, and automating software supply chain management is the first step. It’s not too late to get your ball rolling this new year and request a personalized demo.