SOURCE: Sonatype


September 19, 2011 08:00 ET

Sonatype Launches New Product Suite for Greater Visibility and Control of Open Source Usage in the Enterprise

Sonatype Insight™ Allows Organizations to Build Better Software Faster Without Quality, Security or Licensing Risks

SILVER SPRING, MD--(Marketwire - Sep 19, 2011) - Sonatype, the company that is transforming software development, today announced the general availability of Sonatype Insight, a new suite of software products and information services for ensuring the integrity of open-source components in the software supply chain and throughout the enterprise. Providing unparalleled visibility and control of open-source component usage by development teams -- without disrupting software development processes -- Sonatype Insight enables organizations to benefit from the economic and development efficiencies of open source without quality, security or licensing risks.

Sonatype Insight is a fast and precise solution that combines organizational consumption awareness, real-time component change data and a vast library of quality, security and licensing information. While other approaches to open-source management are either unenforceable or find issues late in the development cycle, when rework becomes prohibitively expensive, Sonatype Insight is non-intrusive, non-disruptive and tightly interwoven with existing development processes. Organizations can gain actionable intelligence about open-source usage at any stage of the application development process. After applications are released to production, Sonatype Insight continuously monitors their bill of materials and alerts users if new quality or security defects are uncovered in components they already ship.

Sonatype Insight leverages the Central Repository -- the software industry's leading repository for open-source software (OSS) components, used by more than 40,000 organizations and containing more than 300,000 Java components from all major open-source projects. As the principal caretaker of the Central Repository, Sonatype is uniquely positioned to offer organizations more than manual checks and first-generation scans to discover the true composition of critical applications. Sonatype Insight finds flawed components even when they are transitive dependencies buried deep in an application's dependency tree, pulled in indirectly by the components a team chose. As a pioneer in open-source development tools, Sonatype designed Insight to integrate with the development process to ensure only components that meet an organization's quality, security and licensing standards are used -- from the design stage through to production.

Sonatype Insight consists of three integrated products that support the modern, component-based development process and offer important reporting and management capabilities for application managers, legal and compliance executives, information security executives and IT leadership:

  • Management Insight: Provides visibility, proactive monitoring and actionable intelligence about organizational OSS usage including security, license and quality metadata for components.
  • Development Insight: Enables proactive management of OSS component usage throughout the software development process. Plug-ins for existing development tools deliver quality, security and licensing information where it's needed without disrupting the development process.
  • Application Insight: Analyzes and continuously monitors the composition of software applications, ensuring that they do not have hidden security, license or quality risks caused by incorporating problematic OSS components. The product notifies users immediately of newly discovered flaws in components -- even after applications are in production.

Executive and Analyst Quotes

  • "We have brought to market a truly unique product suite to meet an increasingly important function of application development and enterprise IT -- software composition analysis -- one that has direct consequences to the security, quality, business risk and compliance of an organization. As the pervasiveness of open source continues, the market opportunity for Insight is tremendous and should appeal to all Java software developers (six million and counting) and any company in the world that has used open-source components at any point during the development of mission-critical applications." -- Wayne Jackson, CEO of Sonatype
  • "The launch of Insight is a defining moment for Sonatype in its corporate history and marks a turning point in our strategic direction. Building on our deep roots in open-source development, we have built a product that integrates with the development process to provide helpful, proactive information rather than being a burden or afterthought to developers. Sonatype Insight delivers actionable information to the right people, in the right context, at the right time -- without disrupting their development processes." -- Jason van Zyl, Founder and CTO of Sonatype
  • "Without a governance program and an accompanying management policy, the IT organization cannot hope to manage, audit or track open-source assets that come into or leave the enterprise, and it cannot measure the appropriate use of open-source assets within the broader IT portfolio. At best, an IT organization can simply react tactically to risks (e.g., catastrophic technical failures) after the fact." -- Mark Driver, Research Vice President, Gartner, Inc. from A CIO's Perspective on Open-Source Software, Jan. 31, 2011

Supporting Facts

  • According to Gartner, Inc., by 2016 OSS will be included in mission-critical software portfolios within 99 percent of Global 2,000 enterprises, up from 75 percent in 2010 -- from the research report Predicts 2011: Open-Source Software, the Power Behind the Throne, Nov. 23, 2010 by Yefim V. Natis, George J. Weiss, Mark Driver, Laurie F. Wurster, Brian Prentice and Bob Igou
  • The January 2011 survey of 1,600 software developers, team leads and architects conducted by Sonatype found that 87 percent of component use is ungoverned
  • The Central Repository receives approximately four billion hits per year making it one of the most widely accessed services on the Web today
  • 'Central' is used by 42,000 development organizations per month including more than half of the Global 2,000 and the world's largest financial institutions and software vendors
  • The Central Repository contains more than 300,000 Java components and is on pace to support 90 percent of all Java open-source projects by the end of 2011
  • 'Central' has been maintained and fiscally supported by Sonatype since 2007

About Sonatype Inc.
Sonatype is transforming software development with tools, information and services that enable organizations to build better software, faster, using open-source components. With Sonatype Insight, organizations gain unprecedented levels of visibility and control over open-source component usage without disrupting their software development process. The company's professional-grade Java development tools are trusted by leading development organizations and software vendors to enhance the most widely used open source development-infrastructure products with added technical support from Sonatype's team of experts. Sonatype supports the open-source community as an innovator and key contributor to projects such as Nexus, Apache Maven, m2eclipse, Hudson, p2 and Tycho and as the steward of the Central Repository -- the industry's primary source for open-source components, housing more than 300,000 software components, serving four billion requests per year. Sonatype is privately held with investments from Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit:

Apache, Apache Maven and Maven are trademarks of the Apache Software Foundation.

Contact Information

  • Media Contact:
    April Harned
    PR for Sonatype
    Email Contact