What the TPG-led $80M Investment Means for the Future of Sonatype and the DevSecOps Movement

September 07, 2018 By Wayne Jackson


Today, I’m proud to share that TPG Capital has led an $80 million investment in Sonatype; this is an incredibly exciting development for our company.

This past week, I shared a few thoughts in our company All Hands on what this means - not only for Sonatype, but what it signifies about the maturity, and importance, of open source governance and the DevSecOps movement. I’d like to share some of those same thoughts with you now...

What does this mean for Sonatype? Make no mistake: this is an incredible milestone for our business, and one most companies never reach. It is a testament to the outstanding team we have assembled, the rapidly scaling business we have created, and the innovative open source governance solutions we have introduced to the market.

Why TPG? For a rapidly growing business like ours, there are numerous opportunities to tap the capital markets. TPG, however, isn’t just another investor. They are among the top 10 private equity firms in the world and they work across a broad range of sectors, including financial services, IT and communications technology, healthcare, and media and entertainment. I am incredibly excited about the potential this unlocks for us in the years to come.

Why now? Software is the last path to differentiation in every industry.  It’s being developed faster than ever before — and is being continuously delivered into production faster than traditional IT organizations can manage. In this new normal, developers are king, open source is everywhere, apps live in public clouds, perimeters have largely dissolved, and software applications must be secure by default.

Unfortunately, the incredibly rapid proliferation of open source makes this really, really hard. At Sonatype, we literally monitor millions of open source commits per day. Last year, hundreds of billions of components were downloaded by software developers, and 12% of those downloads had known security defects.

We believe that developers are committed to building secure software, but they need the right information to do so. That's why, over the past several years, we’ve uniquely engineered our Nexus platform to empower BOTH software developers and application security professionals to harness, at scale, all of the good that open source has to offer while minimizing the risk.

How will we use the funds? While we already had a very strong balance sheet, the funds raised in this financing provide Sonatype with additional capital to build a truly unique software enterprise. We will use this new capital to continue doing what we have already been doing, with a greater ability to accelerate sales and marketing investments, scale customer success, increase R&D, and expand our Nexus platform offerings.

We will further analyze, evaluate, and aggregate ecosystem data across the open source landscape to enable a more efficient flow of components from producers to consumers, and from development to production, delivering on the true promise of fully automated DevSecOps.

At Sonatype, we have developed pioneering solutions, delivered them to market, and had a lot of fun while doing it. As I told the company, I am excited for what the coming years will bring and the expanded value we will be able to deliver to our customers around the world.

Tags: Sonatype, devsecops, sonatype momentum, funding, open source governance, TPG

Written by Wayne Jackson

Wayne is the CEO of Sonatype, a role he has held since 2010. Prior to Sonatype, Wayne served as the CEO of open source network security pioneer Sourcefire, Inc. (NASDAQ:FIRE), which he guided from fledgling start-up through an IPO in March of 2007, later acquired by Cisco for $2.7 billion. Before Sourcefire, Wayne co-founded Riverbed Technologies, a wireless infrastructure company, and served as its CEO until the sale of the company for more than $1 billion in March of 2000.