Sonatype and OpenText are partnering to offer a single
integrated solution that combines open-source and custom code security, making
finding and fixing vulnerabilities faster than ever. Together, Sonatype's
industry-leading Software Composition Analysis (SCA) solutions and Static and
Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer
a comprehensive, integrated security solution spanning the entire
software development lifecycle.
Sonatype's 2024 State of the Software Supply Chain Report found that in 2024,
some critical vulnerabilities took more than 500 days to fix. By combining
Sonatype's open source governance with Fortify's advanced application security
testing, organizations can detect, prevent, and remediate vulnerabilities with
maximum efficiency. Enterprises leveraging this integrated solution
experience:
- End-to-end software supply chain security: Robust protection for both open
source and proprietary code, ensuring comprehensive coverage across the
entire application stack from the first line of code to production.
- Streamlined DevSecOps practices: Automated security checks seamlessly integrate
into CI/CD pipelines, ensuring that developers can maintain their velocity
without compromising security.
- Automated efficiency: AI-powered tooling to streamline auditing, security
prioritization, licensing, and more across custom code and open source.
- Optimized risk mitigation and compliance: Early detection of security
issues, unified reporting, and prioritized remediation, helping
organizations meet regulatory requirements and manage risks effectively at
scale.
"At Sonatype, we're dedicated to empowering organizations to take ownership over
their software supply chain security without sacrificing speed and agility.
Partnering with like-minded organizations like OpenText is critical to
furthering this mission," said Tyler Warden, Vice President of Product at
Sonatype. "In uniting our innovative SCA solutions with Fortify's proprietary
code security tools to create this single pane of glass platform, we make it
easier for developers and security teams to eliminate technical debt, maintain
visibility, and quickly respond to security risks."
Last week, Sonatype was recognized as a leader in The Forrester Wave: Software
Composition Analysis Software, Q4 2024, with the highest possible marks for
Component Identification and Analysis, Component Health, and Software
Development Tool Chain Integration, among other criteria. According to
Forrester, "Sonatype is an excellent choice for enterprises looking to manage
dependency, license, operational, and malicious package risk across the
portfolio."
"The best partnerships lean into each organization's unique strengths in support of
a common goal. Sonatype and OpenText offer best-in-class code security
solutions that, when combined, streamline security across the entire software
development lifecycle," said Dylan Thomas, Senior Director of Engineering and
Product for Application Security at OpenText. "I am excited for our
continued joint evolution and innovation to enable safe, secure, and fast
software development."
Hundreds of global organizations leverage the integrated Sonatype and Fortify
by OpenText solution to be ambitious, move fast and do it securely.