Sonatype

The Project: Simplifying Software Supply Chains

I worked on a small experimental team within Sonatype, tasked with leveraging the company’s extensive security data to build new user interfaces that made open-source dependency management approachable. The goal was to help developers quickly identify and resolve supply chain issues with minimal effort. While the project ultimately didn’t continue as a standalone product, the work proved valuable enough that its assets and insights were later integrated into Sonatype’s flagship product.

The Problem: Open-Source Supply Chains are Inherently Complex

Dependency graphs are dense by nature. With five components, you can still see what’s connected. With hundreds — which is typical for real projects — the visualization becomes a wall of noise. The core design challenge was helping users identify what actually matters in that complexity.

Exploring Visualizations

I explored several graph layouts to determine which best helped users prioritize what to focus on. Force-directed graphs looked impressive but made it difficult to parse hierarchy. A tree layout proved more effective because it preserved parent-child relationships that developers already understood intuitively.

Going Further with Node Details

A visualization alone wasn’t enough. Through user observation, I identified what aspects of the graph people were naturally drawn to, then designed detail panels that surfaced relevant data when a node was selected — giving users a path from overview to investigation without losing their place.

Alternative Approaches

The graph visualization was effective for exploration, but I found it functioned more as an attention-grabber than a daily workflow tool. Users needed something more actionable. I designed a list view that let users quickly scan for high-priority issues and take action with a single click — trading visual spectacle for practical efficiency, as long as users trusted the system’s recommendations.

Diving Deeper: For Users Who Want It All

Not every user would trust automated recommendations on day one. For those who preferred to investigate before acting, I designed detailed tab views that surfaced comprehensive vulnerability data and a full overview of the dependency landscape — giving them the depth they needed to build confidence in the system.

Summary and Outcomes

The project didn’t continue as a standalone product, but the work lived on. A year later, the design patterns, visualization approaches, and insights from this experiment were integrated into Sonatype’s main product — validating that the explorations we undertook were solving real problems, even if the original vehicle changed.

This project sharpened my ability to take a domain that is inherently technical and dense — software supply chain security — and find ways to make it approachable and actionable. Designing for developers who think in code and systems, while making the interface accessible to less technical stakeholders, was one of the most challenging and rewarding design problems I’ve worked on.