
Sonatype Open Source Firewall Pursues Developers

Sonatype CEO E. Wayne Jackson III

Sonatype, a provider of development and operations (DevOps) tools designed to help organizations automate their software supply chains, now offers its Nexus Firewall to developers using the open-source version of its Nexus Repository software storage, distribution and organization tool.

By doing so, Sonatype gives developers the ability to automatically stop vulnerable open-source components from entering a DevOps pipeline, according to a prepared statement.

Nexus Firewall is a next-generation firewall that empowers developers with automated open-source governance policies at the earliest point in the software development lifecycle, Sonatype said. It prevents vulnerable open-source components from entering a software supply chain and blocks and quarantines cyberattacks at the perimeter.

In addition, Nexus Firewall enables organizations to define custom open-source policies and find out when, how and why these policies are violated, Sonatype noted. It also provides auditing capabilities to help organizations examine open-source components and identify vulnerabilities.

Sonatype last week added Nexus Firewall support for the RubyGems and RPM package management system components. This ensures RubyGems and RPM components downloaded from public repositories are evaluated for license, security and other risks, according to a prepared statement.

With Nexus Firewall support, developers can define and enforce quality thresholds for RubyGems and RPM, as well as PyPI, NuGet, npm and Java component formats. They also can leverage Nexus Firewall to analyze and admit various secure components, Sonatype said, and protect production applications against risky components.

Sonatype Growth Stats

Sonatype capitalized on the rising demand for automated, secure software development in 2017, which is reflected in some of the company's performance results.

Key performance results for Sonatype in 2017 included:

  • 75 percent increase in new sales.
  • 125 percent net renewal rate.
  • 72 percent increase in developers using Nexus.
  • 150 new enterprise clients.

More than 10 million developers currently use Nexus, according to Sonatype. Meanwhile, the company increased its headcount by 40 percent in 2017 and continues to explore growth opportunities -- though actual revenue and profit figures remain undisclosed.

Sonatype's executive team has a strong track record in the network security, artificial intelligence and enterprise software markets. CEO E. Wayne Jackson III, for instance, previously was CEO of open source network security company Sourcefire, which Cisco acquired for $2.7 billion. Earlier, he co-founded Riverbed Technologies.

Sonatype: Here's What You Need to Know

Sonatype offers Nexus products to help development organizations source, manage, assemble and maintain open-source and third-party components.

Today, more than 150,000 organizations use Nexus to govern the volume, variety and quality of open-source components flowing into their software applications, Sonatype indicated.

The company's go-to-market strategy doesn't specifically mention MSSPs -- though cloud platform, pipeline and solution partners (particularly systems integrators and VARs) are on the company's partner radar.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.