Sonatype Announces Integration with ServiceNow to Streamline Software Composition Analysis
May 16 2024 - 11:51AM
Sonatype, the software supply chain optimization company, announced
today an integration with ServiceNow, the AI platform for business
transformation, to incorporate Sonatype Lifecycle software
composition analysis and open source vulnerability scans directly
into existing workflows. This accelerates the response to
application vulnerabilities, particularly in open source software
components, enhancing security measures and remediation efforts
across enterprise environments.
For customers that use both ServiceNow
and Sonatype, the integration enables the seamless transfer of
vulnerability scan results from Sonatype Lifecycle directly into
ServiceNow’s Application Vulnerability Response (AVR), creating a
unified vulnerability management experience combining SCA, SAST and
DAST results from other systems. From this single plane, customers
can triage based on risk and initiate workflows for quick
analysis and remediation.
“Bad actors are constantly evolving
their attack methods to be quicker and more agile. It’s our job to
ensure customers have our unique open source data and malware
protection, when and where they need it, to keep them one step
ahead of attackers,” said Mitchell Johnson, chief product
development officer at Sonatype. “The integration with ServiceNow
makes it even easier for our customers to stay ahead. It ensures
that vulnerabilities are identified, tracked and remediated more
efficiently, in turn reducing the risks associated with open source
software vulnerabilities while saving time and money. By combining
our efforts, we empower developers and security teams to
collaborate more closely and respond to security risks with greater
speed and precision.”
“Partnerships succeed best when we
lean into our unique skills and expertise and have a clear view
into the problem we’re trying to solve,” said Erica Volini, senior
vice president of global partnerships at ServiceNow. “Sonatype’s
Lifecycle integration extends our reach well beyond where we can go
alone and represents the legacy and goals of the Now Platform. I am
thrilled to see the continued innovation we will achieve together
to help organizations succeed in the era of digital business.”
The newly integrated solution offers
key functionalities including automated import of application
vulnerabilities and predefined workflows for effective
vulnerability lifecycle management. This enhances the capabilities
of users within Sonatype’s customer base, allowing them to better
prioritize and remediate security issues.
Key benefits for customers from this
integration include:
- Faster Remediation: Vulnerabilities are flagged swiftly,
allowing developers to address and remediate issues quickly,
significantly reducing the turnaround time and associated
risks.
- Improved Collaboration: The integration fosters enhanced
cooperation between development and security teams, ensuring
vulnerabilities are addressed comprehensively and efficiently.
The free plugin, which facilitates
this integration, is available to all Sonatype Lifecycle customers
in the ServiceNow Store. It promises a streamlined experience that
not only enhances visibility into application vulnerabilities but
also ensures they are managed and remediated promptly within the
ServiceNow environment.
For more information on this
integration and how it can benefit your organization, please visit
the ServiceNow store or Sonatype.com.
About Sonatype
Sonatype is the software supply chain
optimization company. We provide the world’s best software supply
chain optimization technology and intelligence, empowering
enterprises to create and maintain secure, quality, and innovative
software at scale. As founders of Nexus Repository and stewards of
Maven Central, the world’s largest repository of Java open source
software, we are software pioneers and our open source expertise is
unmatched. We empower innovation with an unparalleled commitment to
build faster, safer software and harness AI and data intelligence
to mitigate risk, maximize efficiencies, and drive powerful
software development. More than 2,000 organizations, including 70%
of the Fortune 100 and 15 million software developers, rely on
Sonatype to optimize their software supply chains. To learn more
about Sonatype, please visit www.sonatype.com.
ServiceNow, the ServiceNow logo, Now, Now Platform, and other
ServiceNow marks are trademarks and/or registered trademarks of
ServiceNow, Inc. in the United States and/or other countries.
Elissa Walters
Sonatype
ewalters@sonatype.com