Sonatype: 1 in 15 open source app components has at least one security vulnerability

Software supply chain automation company Sonatype is hanging out the flags to celebrate the fact that it has experienced a 300 percent growth in the use of its Nexus Repository over the past three years.

The reason for the growth? The firm thinks it is down to growing concern about security vulnerabilities in open source components and containers.

“There is increasing evidence that more organizations are taking software supply chain automation and component security seriously,” said Wayne Jackson, CEO of Sonatype. “Specifically, DevOps-native organisations are embracing tools such as Nexus Repository and Nexus Firewall to automatically block bad components from entering into their mission-critical applications.”

State of the nation

According to the firm’s own State of the Software Supply Chain Report, 1 in 15 open source components used in production applications has at least one known security vulnerability.

The company now claims that organisations that rely on the Nexus Repository to house open source software components and containerized applications have gained new visibility into the quality of components flowing through their software supply chains.

In 2016 alone, Nexus Repository saw a 40 percent increase in the use of its Repository Health Check feature. Today, 23,000 organisations utilise Repository Health Check every day to automatically analyse security, licensing, and architectural risks across 58 million components living inside local Nexus Repository Managers.
