Sonatype - Experts & Thought Leaders
Latest Sonatype news & announcements
Sonatype, the end-to-end software supply chain security platform, and OpenText are partnering to offer a single integrated solution that combines open-source and custom code security, making it faster to find and fix vulnerabilities. Together, Sonatype's Software Composition Analysis (SCA) solutions and the Static and Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer an integrated security solution spanning the entire software development lifecycle.

State of the Software Supply Chain® Report

Sonatype's 2024 State of the Software Supply Chain® Report found that in 2024, some critical vulnerabilities took more than 500 days to fix. By combining Sonatype's open-source governance with Fortify's application security testing, organisations can detect, prevent, and remediate vulnerabilities more efficiently.

Solution benefits

Enterprises using this integrated solution gain:

End-to-end software supply chain security: protection for both open-source and proprietary code, covering the entire application stack from the first line of code to production.

Streamlined DevSecOps practices: automated security checks integrate into CI/CD pipelines, so developers can maintain their velocity without compromising security.

Automated efficiency: AI-powered tooling to streamline auditing, security prioritisation, licensing, and more across custom code and open source.

Optimised risk mitigation and compliance: early detection of security issues, unified reporting, and prioritised remediation, helping organisations meet regulatory requirements and manage risk at scale.

SCA solutions

"At Sonatype, we're dedicated to empowering organisations to take ownership of their software supply chain security without sacrificing speed and agility. Partnering with like-minded organisations like OpenText is critical to furthering this mission," said Tyler Warden, Vice President of Products at Sonatype. "In uniting our innovative SCA solutions with Fortify's proprietary code security tools to create this single pane of glass platform, we make it easier for developers and security teams to eliminate technical debt, maintain visibility, and quickly respond to security risks."

Visibility and quick response

"The best partnerships lean into each organisation's unique strengths in support of a common goal. Sonatype and OpenText offer best-in-class code security solutions that, when combined, streamline security across the entire software development lifecycle," said Dylan Thomas, Senior Director of Engineering and Product for Application Security at OpenText. "I am excited for our continued joint evolution and innovation to enable safe, secure, and fast software development."

Hundreds of global organisations use the integrated Sonatype and Fortify by OpenText solution to be ambitious, move fast, and do it securely.
Sonatype, the end-to-end software supply chain security platform, announced that Sonatype SBOM Manager, its enterprise-class Software Bill of Materials (SBOM) solution, and its artefact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalogue with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS). AWS customers now have access to the full Sonatype platform, including the open-source malware protection of Sonatype Repository Firewall and the software composition analysis of Sonatype Lifecycle, directly within AWS Marketplace. This lets AWS customers streamline the purchase and management of the full Sonatype platform within their AWS Marketplace account.

Partnering with Sonatype

AWS customers can now manage open-source components and risk throughout the software development life cycle (SDLC) at the enterprise level. This helps eliminate uncertainty in SBOM collection, monitoring, and compliance; automatically blocks malicious code and open-source malware; streamlines policy enforcement; improves incident response times; and accelerates code delivery. Enterprises partnering with Sonatype report 26x faster identification and remediation of open-source software (OSS) components, a 70% reduction in exploitability windows from adversary attacks, and a 99% decrease in developer time spent researching, securing approval for, and downloading quality OSS components.

Sonatype's full platform and solutions

"In today's world, where enterprise software consists of more than 85% open source, and secure development regulations are increasing, organisations need a trusted partner like Sonatype to empower their developers to innovate securely at lightning speed," said Mitchell Johnson, Chief Product Development Officer at Sonatype. "With Sonatype's full platform and suite of solutions available in AWS Marketplace, we're making it easier than ever for businesses to harness the power of open source and fortify their software supply chains against risk, all powered by Sonatype's unrivalled open source data and security research."

Sonatype available in AWS Marketplace

With Sonatype available in AWS Marketplace, AWS customers can expect:

Rapid, reliable SBOM compliance at scale: Sonatype SBOM Manager brings Sonatype's component scanning and open-source software (OSS) data intelligence together with SBOM management support. It streamlines and automates the requesting, auditing, distributing, and monitoring of an organisation's first- and third-party SBOMs. By creating a centralised repository for SBOMs, organisations can keep up with emerging software security regulations.

World's leading artefact repository: built by the founders and stewards of Maven Central, Sonatype Nexus Repository lets software development teams scale and manage components, binaries, and build artefacts across their entire software supply chain. Teams can build quickly and reliably, and publish and cache components in a central repository that connects natively to all popular package managers.

The only open-source malware detection solution: Sonatype's artificial intelligence (AI)-powered Repository Firewall detects and blocks more than 2,100 intentionally malicious components every month, preventing malware from entering the software supply chain and infecting downstream systems.

Expanded Software Composition Analysis (SCA): Sonatype's deep understanding of open-source components and their vulnerabilities enables precise identification and mitigation of risks throughout the software development lifecycle.

Unrivalled dependency management: Sonatype helps organisations understand and control the complex relationships between software dependencies, giving applications a secure and reliable foundation.

Supply chain security solutions

Sonatype's proprietary data, amassed from analysing hundreds of millions of open-source components, provides detailed insight into the open-source landscape. This data lets Sonatype deliver accurate and comprehensive software supply chain security solutions, giving organisations the assurance to innovate confidently and quickly without open-source risk.
Sonatype, the software supply chain optimisation company, announced an integration with ServiceNow, the AI platform for business transformation, that brings Sonatype Lifecycle software composition analysis and open-source vulnerability scan results directly into existing workflows. This accelerates the response to application vulnerabilities, particularly in open-source software components, and improves security and remediation across enterprise environments.

Unified vulnerability management

For customers that use both ServiceNow and Sonatype, the integration transfers vulnerability scan results from Sonatype Lifecycle directly into ServiceNow's Application Vulnerability Response (AVR), creating a unified vulnerability management view that combines the SCA results with SAST and DAST results from other systems. From this single pane, customers can triage by risk and initiate workflows for analysis and remediation.

Data and malware protection

"Bad actors are constantly evolving their attack methods to be quicker and more agile. It's our job to ensure customers have our unique open source data and malware protection, when and where they need it, to keep them one step ahead of attackers," said Mitchell Johnson, chief product development officer at Sonatype. "The integration with ServiceNow makes it even easier for our customers to stay ahead. It ensures that vulnerabilities are identified, tracked, and remediated more efficiently, in turn reducing the risks associated with open-source software vulnerabilities while saving time and money. By combining our efforts, we empower developers and security teams to collaborate more closely and respond to security risks with greater speed and precision."

Digital business

"Partnerships succeed best when we lean into our unique skills and expertise and have a clear view into the problem we're trying to solve," said Erica Volini, senior vice president of global partnerships at ServiceNow. "Sonatype's Lifecycle integration extends our reach well beyond where we can go alone and represents the legacy and goals of the Now Platform. I am thrilled to see the continued innovation we will achieve together to help organisations succeed in the era of digital business."

Vulnerability lifecycle management

The integrated solution offers key functionalities including automated import of application vulnerabilities and predefined workflows for vulnerability lifecycle management. This lets Sonatype customers better prioritise and remediate security issues.

Key benefits for customers

Faster remediation: vulnerabilities are flagged promptly, allowing developers to address and remediate issues quickly and reducing the turnaround time and associated risk.

Improved collaboration: the integration encourages closer cooperation between development and security teams, so vulnerabilities are addressed comprehensively and efficiently.

Streamlined experience

The free plugin that provides this integration is available to all Sonatype Lifecycle customers in the ServiceNow Store. It improves visibility into application vulnerabilities and ensures they are managed and remediated promptly within the ServiceNow environment.