Sonatype and OpenText Partner on Integrated Vulnerability Management Platform for Open Source and Custom Code
November 25, 2024

Sonatype and OpenText are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever.

Together, Sonatype’s Software Composition Analysis (SCA) solutions and Static and Dynamic Application Security Testing (SAST/DAST) from Fortify by OpenText offer a comprehensive, integrated security solution spanning the entire software development lifecycle.

By combining Sonatype’s open source governance with Fortify’s advanced application security testing, organizations can detect, prevent, and remediate vulnerabilities with maximum efficiency. Enterprises leveraging this integrated solution experience:

- End-to-end software supply chain security: Robust protection for both open source and proprietary code, ensuring comprehensive coverage across the entire application stack from the first line of code to production.

- Streamlined DevSecOps practices: Automated security checks seamlessly integrate into CI/CD pipelines, ensuring that developers can maintain their velocity without compromising security.

- Automated efficiency: AI-powered tooling to streamline auditing, security prioritization, licensing, and more across custom code and open source.

- Optimized risk mitigation and compliance: Early detection of security issues, unified reporting, and prioritized remediation, helping organizations meet regulatory requirements and manage risks effectively at scale.

"At Sonatype, we’re dedicated to empowering organizations to take ownership over their software supply chain security without sacrificing speed and agility. Partnering with like-minded organizations like OpenText is critical to furthering this mission,” said Tyler Warden, Vice President of Product at Sonatype. “In uniting our innovative SCA solutions with Fortify’s proprietary code security tools to create this single pane of glass platform, we make it easier for developers and security teams to eliminate technical debt, maintain visibility, and quickly respond to security risks.”

“The best partnerships lean into each organization’s unique strengths in support of a common goal. Sonatype and OpenText offer best-in-class code security solutions that, when combined, streamline security across the entire software development lifecycle,” said Dylan Thomas, Senior Director of Engineering and Product for Application Security at OpenText.

Share this

Industry News

May 06, 2025

Google is rolling out an updated Gemini 2.5 Pro model with significantly enhanced coding capabilities.

May 06, 2025

BrowserStack announced the acquisition of Requestly, the open-source HTTP interception and API mocking tool that eliminates critical bottlenecks in modern web development.

May 06, 2025

Jitterbit announced the evolution of its unified AI-infused low-code Harmony platform to deliver accountable, layered AI technology — including enterprise-ready AI agents — across its entire product portfolio.

May 05, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, and Synadia announced that the NATS project will continue to thrive in the cloud native open source ecosystem of the CNCF with Synadia’s continued support and involvement.

May 05, 2025

RapDev announced the launch of Arlo, an AI Agent for ServiceNow designed to transform how enterprises manage operational workflows, risk, and service delivery.

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.