Sonatype
Facts (15)
Sources
Source: State of the Software Supply Chain Report | 10 Year Look - Sonatype (sonatype.com, 6 facts)
Claim: The year 2017 marked the emergence of the first targeted attacks on the software supply chain using open source malware, as reported by Sonatype's State of the Software Supply Chain reports.
Image: Figure 1.3 in the Sonatype report illustrates the rate of vulnerability remediation over time, showing how long projects took to remediate known vulnerabilities in their dependencies.
Claim: Sonatype has been advocating for better software supply chain controls since 2014, noting that the proposed Royce bill could have significantly impacted the industry's preparedness if it had passed at that time.
Perspective: Sonatype asserts that if the Software Bill of Materials (SBOM) requirement from the 2014 Royce Bill had been implemented, the industry might have mitigated many of the supply chain attacks and vulnerabilities that have occurred in recent years.
Image: Figure 1.4 in the Sonatype report displays release frequency by severity, showing how long projects took on average to remediate dependency vulnerabilities, broken down by severity.
Reference: The 10th Annual State of the Software Supply Chain Report by Sonatype examines four key dimensions of the software supply chain: attackers, publishers, consumers, and regulators.
Source: Software License Types Explained: Open and Closed Source (sonatype.com, Apr 26, 2023, 4 facts)
Claim: Sonatype's license policy standards classify strong copyleft licenses as 'Banned' to prevent components containing them from entering production environments, as organizations using GPL-licensed software in commercial hardware and software are required to share their intellectual property and source code.
Claim: The Advanced Legal Pack (ALP) by Sonatype generates reports that assist organizations in fulfilling open source software license obligations, specifically regarding attribution and weak copyleft requirements.
Claim: Crystal serves as a Product Marketing Manager for the Advanced Legal Pack, Container, Cloud, and Disconnected solutions at Sonatype.
Claim: The Advanced Legal Pack (ALP) by Sonatype categorizes thousands of software licenses into eight default 'Threat Groups,' ranging from 'Banned' to 'Liberal,' to assist DevSecOps teams in managing legal risk.
Source: Open Source Software: What is OSS? - Sonatype (sonatype.com, 2 facts)
Source: What Is Open Source Software Licensing? - Coursera (coursera.org, Dec 9, 2025, 1 fact)
Claim: Sonatype is a tool that provides software supply chain security, including vulnerability protection and open source risk management.
Source: Cyber Insights 2025: Open Source and Software Supply Chain ... (securityweek.com, Jan 15, 2025, 1 fact)
Claim: Ax Sharma, a security researcher at Sonatype, observes that new protocols like the tea protocol, which use blockchain rewards for developers, are driving users to abuse open source registries to test self-reward mechanisms.
Source: Open source software best practices and supply chain risk ... - GOV.UK (gov.uk, Mar 3, 2025, 1 fact)
Claim: Snyk, Sonatype, and Synopsys (Black Duck) are considered 'leaders' in the field of tools for managing open source software security risks, as identified in a literature review by Worthington et al. (2023).