Sonatype, the software supply chain optimisation company, announced an integration with ServiceNow, the AI platform for business transformation, to incorporate Sonatype Lifecycle software composition analysis and open-source vulnerability scans directly into existing workflows.
This accelerates the response to application vulnerabilities, particularly in open-source software components, enhancing security measures and remediation efforts across enterprise environments.
Unified vulnerability management
For customers that use both ServiceNow and Sonatype, the integration enables the seamless transfer of vulnerability scan results from Sonatype Lifecycle directly into ServiceNow’s Application Vulnerability Response (AVR), creating a unified vulnerability management experience combining SCA, SAST, and DAST results from other systems.
From this single plane, customers can triage based on risk and initiation of workflows for quick analysis and remediation.
Data and malware protection
"Bad actors are constantly evolving their attack methods to be quicker and more agile. It’s our job, to ensure customers have our unique open source data and malware protection, when and where they need it, to keep them one step ahead of attackers,” said Mitchell Johnson, chief product development officer at Sonatype.
“The integration with ServiceNow makes it even easier for our customers to stay ahead."
Open-source software
"It ensures that vulnerabilities are identified, tracked, and remediated more efficiently, in turn reducing the risks associated with open-source software vulnerabilities while saving time and money."
"By combining our efforts, we empower developers and security teams to collaborate more closely and respond to security risks with greater speed and precision.”
Digital business
“Partnerships succeed best when we lean into our unique skills and expertise and have a clear view into the problem we’re trying to solve,” said Erica Volini, senior vice president of global partnerships at ServiceNow.
"Sonatype’s Lifecycle integration extends our reach well beyond where we can go alone and represents the legacy and goals of the Now Platform. I am thrilled to see the continued innovation we will achieve together to help organisations succeed in the era of digital business.”
Vulnerability lifecycle management
Integrated solution offers key functionalities including automated import of application vulnerabilities
The newly integrated solution offers key functionalities including automated import of application vulnerabilities and predefined workflows for effective vulnerability lifecycle management.
This enhances the capabilities of users within Sonatype’s customer base, allowing them to better prioritise and remediate security issues.
Key benefits for customers
- Faster Remediation: Vulnerabilities are flagged swiftly allowing developers to address and remediate issues quickly, significantly reducing the turnaround time and associated risks.
- Improved Collaboration: The integration fosters enhanced cooperation between development and security teams, ensuring vulnerabilities are addressed comprehensively and efficiently.
Streamlined experience
The free plugin, which facilitates this integration, is available to all Sonatype Lifecycle customers in the ServiceNow Store.
It promises a streamlined experience that not only enhances visibility into application vulnerabilities but also ensures they are managed and remediated promptly within the ServiceNow environment.
