2022 was an extraordinary year at Sonatype. We worked at the White House with our peers to decide the best path for securing open source software (OSS) against continuously evolving supply chain attacks. And closer to home, we were proud to launch new culture programs to recognize and reward our employees.
We had a lot to celebrate. Let’s look at a few highlights.
As an industry pioneer and the inventor of componentized software development, Sonatype continually pushes the boundaries of what’s possible in open source security and software supply chain management. This year, we introduced several new product and platform updates to help keep our customers ahead of the curve, including:
Our industry-leading Sonatype Repository Firewall achieved a new milestone in 2022: discovering and blocking over 103,000 total malicious packages from being downloaded into open source repositories. Using next-generation, proprietary behavioral analysis and automated policy enforcement, Firewall identified more than 36,100 newly published packages as malicious in the past year alone. Sonatype Repository Firewall is the only solution to detect and block malicious and suspicious open source components from entering the software development life cycle (SDLC), stopping known and unknown open source risk from being downloaded.
We also focused on relationship-building, furthering our 255-member partnership program and integrations to provide the most comprehensive security solutions possible. In August, we announced Sonatype Lifecycle’s Red Hat OpenShift Operator Certification, giving Red Hat OpenShift customers intelligent insight into their open source components. And in October, we expanded our strategic partnership with CyberRes to provide organizations with a complete open source and application security solution.
In addition to an evolved platform, 2022 brought an evolved Sonatype team. To support our product development, company growth, and continued innovation, we added 308 new talented Sonatypers to our roster–nearly doubling our team's size in a year. We also bolstered our leadership team with several key hires and appointments, including:
To help welcome our newcomers, we hosted our first all-hands, in-person event in 2.5 years in San Francisco. More than 360 Sonatypers from around the globe (and almost 200 virtually) joined together to connect, strategize, give back to the community, and build a solid foundation for 2023.
If it felt like Sonatype was everywhere, it’s because we were! 2022 was a standout year for event attendance and participation. We had a presence at 150+ global security, DevSecOps, developer, and AppSec gatherings, and established new community connections.
Security Slam, in partnership with The Cloud Native Computing Foundation (CNCF)
Another highlight was partnering with The Cloud Native Computing Foundation (CNCF) on an inaugural virtual Security Slam event. This event did two things. First, it brought together open source maintainers and contributors to improve the security posture of open source projects. A total of 13 open source software projects participated in the event, and 11 raised their CLOMonitor Security score to 100%, leveraging CNCF tools to increase their open source security posture, awareness, and compliance. Second, it raised $27,500 for the CNCF Diversity Scholarship Fund, which helps underrepresented individuals become valuable members of the CNCF community.
As a mission-driven company, giving back and supporting our communities is embedded into everything we do. We offer all employees paid volunteer time off (VTO), which Sonatypers used this year to work their neighborhood polling places, volunteer at local surf lifesaving clubs, mentor high school students, volunteer with the American Red Cross, and more. We were also honored to support several organizations as a company, which included:
Topping off an already incredible year, Sonatype was recognized by eight organizations for its market leadership, product excellence, and innovative company culture. Sonatype’s 2022 accolades include:
2022 was an incredible year of growth for Sonatype–none of which would be possible without the support of our exceptional employees, brilliant customers, and unparalleled community.
We’re looking forward to another year of industry-leading product development and continuing to provide our customers with top-tier support. We want to enable organizations everywhere to accelerate innovation, and automating software supply chain management is the first step. It’s not too late to get the ball rolling this new year and request a personalized demo.