Sonatype brings in $80m for automated open source governance

Sonatype, a provider of automated open source governance, has landed an $80m minority investment led by TPG.

The investment also featured additional participation from existing investors Accel, Goldman Sachs and Hummer Winblad. Sonatype will use the funds to accelerate sales, marketing, and R&D investments, fund strategic corporate objectives, and expand its Nexus platform offerings, which is used by more than 10 million software developers and 1,000 enterprises worldwide.

Software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Its nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.

“Open source ecosystems offer incredible value without any direct cost, and nearly everyone, whether individual developers, large enterprises, or government agencies, is reaping the benefit,” said Wayne Jackson, CEO of Sonatype.

“Open source innovation has never been more vibrant but, as with any software, there is also potential downside. At Sonatype, we’re enabling organizations to confidently embrace open source so that they can both accelerate innovation and also mitigate risk. TPG is a great addition to our existing team of world-class investors and this transaction enhances an already strong balance sheet.”

Sonatype customer roaster includes business from government, financial services, technology, healthcare and manufacturing sectors. Financial services organizations use Nexus products to manufacture higher quality software.

Regulations like FS-ISAC and PCI are now looking at the security of open source components. PCI requires the establishment of a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as “high,” “medium” or “low”) to newly discovered security vulnerabilities.

Financial Services Information Sharing and Analysis Center (FS-ISAC) also outlines three control types required for financial institution member firms to achieve third party software security. It recommends a bill of materials that clearly identifies the open source code libraries that are part of a commercially developed software package offered to financial service firms.

“Today, open source components underpin a vast majority of our most mission-critical applications at the firm. As we work to build, maintain and update these applications, we must also ensure that we are using the highest quality open source components at every stage of the development cycle,” added, Don Duet, co-head of technology at Goldman Sachs

Copyright © 2018 RegTech Analyst

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.