Sonatype And HP Integrate To Secure Cloud Components


Software development is increasingly typified by a componentized approach. A single application might consist of code and component modules from a multitude of different sources. While this increases agility and allows developers to use best-of-breed parts for each aspect of the application, it also creates a minefield of security issues.

This is just the problem that security vendor Sonatype is trying to resolve. The company sells a component lifecycle management (CLM) tool that helps developers avoid using rogue open source components in their applications. CLM also automates the process for enforcing security policies across an application.

Sonatype is announcing today that HP has integrated the Sonatype product with HP’s own cloud-based security solution, HP Fortify on Demand. As part of the integration, Sonatype provides component analysis that identifies the third-party and open-source components commonly used as building blocks in modern applications. HP Fortify on Demand delivers software analysis that identifies security vulnerabilities in any application: web, mobile, infrastructure or cloud. Together, these capabilities make for a more complete software security solution by reducing an enterprise’s exposure to risk caused by the rapid adoption of open-source software components.

What this means for existing HP Fortify on Demand customers is that they can create a tailored “bill of materials” listing all the different components used in a particular application, identify which of those components have known vulnerabilities and prioritize the remediation tasks.

Sonatype also includes automated governance, monitoring and alerts, making it a fairly broad solution. Sonatype claims five of the world’s largest banks and several of the US’ largest agencies as customers.

Sonatype is privately held and has received venture funding from NEA, Accel Partners, Bay Partners, Hummer Winblad Ventures and Morgenthaler Ventures.

By Jarrett Neil Ridlinghafer
Chief Cloud Consultant
Compass Solutions, LLC