Scandio is a Sonatype Silver Partner! We are very excited about this new partnership with one of the world’s leading pioneers in open source software development.

As security is an essential part of our business for all our customers, a strategic collaboration with Sonatype is an important step. The broad product range, with components such as Auditor and Lifecycle, is very well suited to existing challenges and future requirements in the area of DevOps Engineering. With Sonatype’s Nexus platform, we can add value to the entire development pipeline.

Who is Sonatype?

The Sonatype journey began 10 years ago when the concept of open source software development gained speed. From its humble beginnings as a developer at Apache Maven, to supporting the world’s largest repository of open source components (Central), to developing the world’s most popular repository manager (Nexus), Sonatype has played a leading role in DevSecOps.

Today’s core business is based on a large number of open source libraries that have spread and are found in virtually every development environment. These open source components, when properly managed, can be a tremendous driver for accelerating innovation. Conversely, unmanaged open source components can lead to security vulnerabilities, licensing risks, extensive remediation needs, and waste of resources.

What does Sonatype do?

Sonatype is focused on helping companies take full advantage of open source, continuously and without risk. This takes the form of machine learning, artificial intelligence and human expertise that goes into every Nexus product. Companies equipped with Nexus products make better decisions, evolve faster and know that their applications are always made of the highest quality open source components.

Today, Sonatype’s integrated open source governance platform (Nexus) helps more than 1,000 companies and 10 million software developers accelerate innovation while increasing application security. Its machine learning engine (Nexus Intelligence) has analyzed more than 20 million open source libraries. Sonatype continuously shares its findings with customers so they can make better innovation decisions early in their development process. DevOps teams are now able to eliminate manual governance issues and deliver secure software faster than ever before. Everyone is satisfied: developers, security professionals and IT staff.


We are very pleased about the partnership and hope to offer our customers even more targeted support and advice for their individual requirements. A joint training session in April already served as a good start. This makes us feel well prepared, and we are looking forward to future projects!

Sounds interesting? If you would like to read more on this topic, we warmly recommend the following articles from Sonatype:

40 DevSecOps Reference Architectures To Learn From

Why You Need DevSecOps and Artifact Repositories

Keeping third-party dependencies in check with Nexus Lifecycle