Recognized for Completeness of Vision and Ability to Execute

Fulton, Md. – October 14, 2025 – Sonatype®, the leader in AI-centric DevSecOps, today announced that it has been recognized by Gartner as a Visionary in the 2025 Magic Quadrant for Application Security Testing (AST), marking Sonatype’s second consecutive appearance in the report. The evaluation was based on specific criteria that analyzed the company’s overall Completeness of Vision and Ability to Execute. 

Sonatype has redefined Software Composition Analysis (SCA) by bringing together enterprise-grade SCA tools with the world’s most trusted binary artifact manager Nexus Repository, open source malware prevention and protection, container security and management, automated dependency management, and SBOM management. With Sonatype’s automated remediation, customers experience 20% risk reduction to total vulnerable components, as well as a 30% faster mean time to remediate. 

“Security can’t be inspected into software at the end — it has to be engineered into how we design and develop it from the beginning,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “We believe our recognition as a Visionary reflects Sonatype’s influence in redefining application security through automation, curated intelligence, and developer-first solutions that optimize quality and prevent risk before it enters the software supply chain.”

Magic Quadrant reports are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high and provider differentiation is distinct. Providers are positioned into four quadrants: Leaders, Challengers, Visionaries and Niche Players. The research enables you to get the most from market analysis in alignment with your unique business and technology needs.

View a complimentary copy of the Magic Quadrant report to learn more about Sonatype’s placement at www.sonatype.com/resources/2025-gartner-magic-quadrant. 

Gartner, Magic Quadrant for Application Security Testing, Jason Gross, Mark Horvath, Giles Williams, Shailendra Upadhyay, Dionisio Zumerle, Aaron Lord, 14 October 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Sonatype 

Sonatype is the leader in AI-centric DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.