New from HP Fortify on Demand and Sonatype!

HP and Sonatype, Inc. are the first to deliver a new breed of on-demand application security analysis that includes static and dynamic testing coupled with open source component analysis from Sonatype’s Component Lifecycle Management (CLM) software. Now, users of HP Fortify on Demand have complete visibility into risks associated with open source and third-party components in their applications.

Learn more in the FAQ, Press Release or Product Brief.

Upload, test and review. In just five minutes.

Open source risk analysis is done in just three easy steps. Upload your code to Fortify on Demand, request the “Open Source by Sonatype” analysis and it’s delivered back to you in just a few minutes. Your 8-10 page report features easy-to-read charts describing the known open source and third-party component vulnerabilities responsible for security, license and quality issues in your application.

See a sample of the report or watch the 10-minute video tour.

Why is open source analysis important?

Nearly 90% of the typical application is assembled with open source building blocks known as “components.” Research shows that at least one critical vulnerability exists in 71% of these applications. The new open source analysis in Fortify on Demand empowers users to quickly see these issues and take appropriate action.

Learn more about open source risk in this eye-opening infographic.

Who is Sonatype?

Sonatype makes it easy to create trusted applications and keep them that way over time. More than 20,000 customers rely on Sonatype to manage their open source and third-party components.

Sonatype Component Lifecycle Management (CLM) software empowers developers to select the best components early in the software lifecycle and easily remediate known vulnerabilities. Plus, policy automation, ongoing monitoring, and proactive alerts ensure these applications remain secure over time.

Learn more at

Next Steps?