Momentum fueled by demand for DevOps-native open source governance tools
Fulton, MD – January 18, 2017 – Sonatype, the leader in software supply chain automation, today announced 300 percent growth in the use of Nexus Repository over the past three years. During this period, the number of active instances of Nexus Repository grew from 30,000 to 120,000 spurred by the introduction of Nexus Repository v3, universal support for component formats, and growing concern among enterprises about security vulnerabilities in open source components and containers.
Number of Nexus Repository installations actively downloading components from the Central Repository (2009 - 2016)
Organizations that rely on the Nexus Repository to house open source software components and containerized applications have gained new visibility into the quality of components flowing through their software supply chains. In 2016 alone, Nexus Repository saw a 40 percent increase in the use of its Repository Health Check feature. Today, 23,000 organizations utilize Repository Health Check every day to automatically analyze security, licensing, and architectural risks across 58 million components living inside local Nexus Repository Managers.
The popularity of open source software development continues to grow because it minimizes the need to code from scratch. However, as indicated in the most recent State of the Software Supply Chain Report, 1 in 15
Gartner analysts Neil MacDonald and Ian Head wrote in Gartner’s September 2016 report, DevSecOps: How to Seamlessly Integrate Security into DevOpsthat, “By 2019, more than 70% of enterprise DevOps initiatives will have incorporated automated security vulnerability and configuration scanning for open source components and commercial packages, up from less than 10% in 2016.”
“There is increasing evidence that more organizations are taking software supply chain automation and component security seriously,” said Wayne Jackson, CEO of Sonatype. “Specifically, DevOps-native organizations are embracing tools such as Nexus Repository and Nexus Firewall to automatically block bad components from entering into their mission-critical applications.”
Gartner analysts, Neil MacDonald and Ian Head echoed this sentiment in their DevSecOps report, writing, “The issue is that often developers (knowingly or unknowingly) download known vulnerable open source components and frameworks for use in their applications.” A best practice recommended in the report is to “implement an ‘OSS firewall’ to proactively prevent developers from downloading known vulnerable code from Maven, GitHub, and other OSS code repositories by policy.”
Additional Resources
- Learn how Fannie Mae is using Nexus Firewall to automate their security needs
- Watch this video: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall [5 min.]
- Read Sonatype’s latest blog LEGO, Death Stars, and Millennium Falcons, Oh My
- Download the 2016 State of the Software Supply Chain Report
- Download the Gartner report DevSecOps: How to Seamlessly Integrate Security into DevOps
About Sonatype
Last year developers requested 31 billion components from the Central Repository to manufacture the software applications that run the world. Additionally, with more than 120,000 installations, companies around the globe use Sonatype’s Nexus solutions to manage reusable components and improve the quality, speed and security of their software supply chains. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. For more information, visit: www.sonatype.com
Media Contact
Jennifer Edgerly
SpeakerBox Communications for Sonatype
jedgerly@speakerboxpr.com
703-287-7809