Sonatype and OpenText Partner on Integrated Vulnerability Management Platform for Open Source and Custom Code
November 25, 2024

Sonatype and OpenText are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever.

Together, Sonatype’s Software Composition Analysis (SCA) solutions and Static and Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer a comprehensive, integrated security solution spanning the entire software development lifecycle.

By combining Sonatype’s open source governance with Fortify’s advanced application security testing, organizations can detect, prevent, and remediate vulnerabilities with maximum efficiency. Enterprises leveraging this integrated solution experience:

- End-to-end software supply chain security: Robust protection for both open source and proprietary code, ensuring comprehensive coverage across the entire application stack from the first line of code to production.

- Streamlined DevSecOps practices: Automated security checks seamlessly integrate into CI/CD pipelines, ensuring that developers can maintain their velocity without compromising security.

- Automated efficiency: AI-powered tooling to streamline auditing, security prioritization, licensing, and more across custom code and open source.

- Optimized risk mitigation and compliance: Early detection of security issues, unified reporting, and prioritized remediation, helping organizations meet regulatory requirements and manage risks effectively at scale.

"At Sonatype, we’re dedicated to empowering organizations to take ownership over their software supply chain security without sacrificing speed and agility. Partnering with like-minded organizations like OpenText is critical to furthering this mission,” said Tyler Warden, Vice President of Product at Sonatype. “In uniting our innovative SCA solutions with Fortify’s proprietary code security tools to create this single pane of glass platform, we make it easier for developers and security teams to eliminate technical debt, maintain visibility, and quickly respond to security risks.”

“The best partnerships lean into each organization’s unique strengths in support of a common goal. Sonatype and OpenText offer best-in-class code security solutions that, when combined, streamline security across the entire software development lifecycle,” said Dylan Thomas, Senior Director of Engineering and Product for Application Security at OpenText.

Share this

Industry News

May 28, 2025

Check Point® Software Technologies Ltd.(link is external) announced the launch of its next generation Quantum(link is external) Smart-1 Management Appliances, delivering 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises.

May 28, 2025

Salesforce and Informatica have entered into an agreement for Salesforce to acquire Informatica.

May 28, 2025

Red Hat and Google Cloud announced an expanded collaboration to advance AI for enterprise applications by uniting Red Hat’s open source technologies with Google Cloud’s purpose-built infrastructure and Google’s family of open models, Gemma.

May 28, 2025

Mirantis announced Mirantis k0rdent Enterprise and Mirantis k0rdent Virtualization, unifying infrastructure for AI, containerized, and VM-based workloads through a Kubernetes-native model, streamlining operations for high-performance AI pipelines, modern microservices, and legacy applications alike.

May 28, 2025

Snyk launched the Snyk AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI Era.

May 28, 2025

Bit Cloud announced the general availability of Hope AI, its new AI-powered development agent that enables professional developers and organizations to build, share, deploy, and maintain complex applications using natural language prompts, specifications and design files.

May 27, 2025

AI-fueled attacks and hyperconnected IT environments have made threat exposure one of the most urgent cybersecurity challenges facing enterprises today. In response, Check Point® Software Technologies Ltd.(link is external) announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform.

May 27, 2025

LambdaTest announced the launch of its Automation MCP Server, a solution designed to simplify and accelerate the process of triaging test failures.

May 27, 2025

DefectDojo announced the launch of their next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings.

May 22, 2025

Red Hat announced enhanced features to manage Red Hat Enterprise Linux.

May 22, 2025

StackHawk has taken on $12 Million in additional funding from Sapphire and Costanoa Ventures to help security teams keep up with the pace of AI-driven development.

May 21, 2025

Red Hat announced jointly-engineered, integrated and supported images for Red Hat Enterprise Linux across Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

May 21, 2025

Komodor announced the integration of the Komodor platform with Internal Developer Portals (IDPs), starting with built-in support for Backstage and Port.

May 21, 2025

Operant AI announced Woodpecker, an open-source, automated red teaming engine, that will make advanced security testing accessible to organizations of all sizes.