Sonatype SBOM Manager and Nexus Repository Now Available in AWS Marketplace
July 25, 2024

Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

AWS customers will now have access to the full Sonatype platform, including Sonatype Firewall Repository’s open source malware protection and Sonatype Lifecycle’s software composition analysis solution, directly within AWS Marketplace. Sonatype’s availability provides AWS customers with the ability to streamline the purchase and management of the full Sonatype platform within their AWS Marketplace account.

AWS customers can now manage open source components and risk throughout the software development life cycle (SDLC) at the enterprise level. This helps eliminate uncertainty in SBOM collection, monitoring, and compliance, automatically blocks malicious code and open source malware, streamlines policy enforcement, enhances incident response times, and accelerates code delivery. Enterprises partnering with Sonatype benefit from 26x faster identification and remediation of open source software (OSS) components, a 70% reduction in exploitability windows from adversary attacks, and a 99% decrease in developer time spent on researching, securing approval, and downloading quality OSS components.

"In today's world, where enterprise software is constituted of more than 85% open source, and secure development regulations are increasing, organizations need a trusted partner like Sonatype to empower their developers to innovate, securely at lightning speed," said Mitchell Johnson, Chief Product Development Officer at Sonatype. "With Sonatype’s full platform and suite of solutions available in AWS Marketplace, we're making it easier than ever for businesses to harness the power of open source and fortify their software supply chains against risk, all powered by Sonatype’s unrivaled open source data and security research.”

With Sonatype available in AWS Marketplace, you can expect:

- Rapid, Reliable SBOM Compliance at Scale: Sonatype SBOM Manager brings Sonatype’s best-in-class component scanning and comprehensive open source (OSS) data intelligence together with market-leading SBOM management support. It streamlines and automates the requesting, auditing, distributing, and monitoring of an organization’s first and third-party SBOMs. And, by creating a centralized repository for SBOMs, organizations can easily keep up with emerging software security regulations.

- World’s Leading Artifact Repository: Built by the founders and stewards of Maven Central, Sonatype Nexus Repository empowers software development teams to efficiently scale and manage components, binaries, and build artifacts across their entire software supply chain. It enables teams to build quickly and reliably and publish and cache components in a central repository that connects natively to all popular package managers.

- The Only Open Source Malware Detection Solution: Sonatype's artificial intelligence (AI)-powered Repository Firewall detects more than 2,100 intentionally malicious components every month, and blocks them, preventing malware from entering the software supply chain and infecting upstream systems.

- Expanded Software Composition Analysis (SCA): Sonatype's deep understanding of open source components and their vulnerabilities enables precise identification and mitigation of risks throughout the software development lifecycle.

- Unrivaled Dependency Management: Sonatype empowers organizations to understand and control the complex relationships between software dependencies, ensuring a secure and reliable foundation for applications.

Share this

Industry News

May 14, 2025

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.

May 14, 2025

CodeRabbit is now available on the Visual Studio Code editor.

The integration brings CodeRabbit’s AI code reviews directly into Cursor, Windsurf, and VS Code at the earliest stages of software development—inside the code editor itself—at no cost to the developers.

May 14, 2025

Chainguard announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.

May 14, 2025

Sysdig announced the donation of Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation.

May 13, 2025

Pegasystems unveiled Pega Predictable AI™ Agents that give enterprises extraordinary control and visibility as they design and deploy AI-optimized processes.

May 13, 2025

Kong announced the introduction of the Kong Event Gateway as a part of their unified API platform.

May 13, 2025

Azul and Moderne announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives.

May 13, 2025

Parasoft has added Agentic AI capabilities to SOAtest, featuring API test planning and creation.

May 13, 2025

Zerve unveiled a multi-agent system engineered specifically for enterprise-grade data and AI development.

May 12, 2025

LambdaTest, a unified agentic AI and cloud engineering platform, has announced its partnership with MacStadium(link is external), the industry-leading private Mac cloud provider enabling enterprise macOS workloads, to accelerate its AI-native software testing by leveraging Apple Silicon.

May 12, 2025

Tricentis announced a new capability that injects Tricentis’ AI-driven testing intelligence into SAP’s integrated toolchain, part of RISE with SAP methodology.

May 12, 2025

Zencoder announced the launch of Zen Agents, delivering two innovations that transform AI-assisted development: a platform enabling teams to create and share custom agents organization-wide, and an open-source marketplace for community-contributed agents.

May 08, 2025

AWS announced the preview of the Amazon Q Developer integration in GitHub.

May 08, 2025

The OpenSearch Software Foundation, the vendor-neutral home for the OpenSearch Project, announced the general availability of OpenSearch 3.0.

May 08, 2025

Jozu raised $4 million in seed funding.