Sonatype, the end-to-end software supply chain security platform, and OpenTextTM are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever. Together, Sonatype’s industry-leading Software Composition Analysis (SCA) solutions and Static and Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer a comprehensive, integrated security solution spanning the entire software development lifecycle.

Cyber Technology Insights: Varonis Expands Cloud Data Security to Google Cloud

Sonatype’s 2024 State of the Software Supply Chain® Report found that in 2024, some critical vulnerabilities took more than 500 days to fix. By combining Sonatype’s open source governance with Fortify’s advanced application security testing, organizations can detect, prevent, and remediate vulnerabilities with maximum efficiency. Enterprises leveraging this integrated solution experience: 

  • End-to-end software supply chain securityRobust protection for both open source and proprietary code, ensuring comprehensive coverage across the entire application stack from the first line of code to production.
  • Streamlined DevSecOps practicesAutomated security checks seamlessly integrate into CI/CD pipelines, ensuring that developers can maintain their velocity without compromising security.
  • Automated efficiency: AI-powered tooling to streamline auditing, security prioritization, licensing, and more across custom code and open source.
  • Optimized risk mitigation and complianceEarly detection of security issues, unified reporting, and prioritized remediation, helping organizations meet regulatory requirements and manage risks effectively at scale.

“At Sonatype, we’re dedicated to empowering organizations to take ownership over their software supply chain security without sacrificing speed and agility. Partnering with like-minded organizations like OpenText is critical to furthering this mission,” said Tyler Warden, Vice President of Product at Sonatype. “In uniting our innovative SCA solutions with Fortify’s proprietary code security tools to create this single pane of glass platform, we make it easier for developers and security teams to eliminate technical debt, maintain visibility, and quickly respond to security risks.” 

Last week, Sonatype was recognized as a leader in The Forrester Wave™: Software Composition Analysis (SCA) Software, Q4 2024, with the highest possible marks for Component Identification and Analysis, Component Health, and Software Development Tool Chain Integration, among other criteria. According to Forrester, “Sonatype is an excellent choice for enterprises looking to manage dependency, license, operational, and malicious package risk across the portfolio.”

“The best partnerships lean into each organization’s unique strengths in support of a common goal. Sonatype and OpenText offer best-in-class code security solutions that, when combined, streamline security across the entire software development lifecycle,” said Dylan Thomas, Senior Director of Engineering and Product for Application Security at OpenText. “I am excited for our continued joint evolution and innovation to enable safe, secure, and fast software development.”

Cyber Technology Insights: Rapid7 Adds AWS Resource Control to Exposure Command

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com