Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration

We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration.

This integration enables development teams to quickly identify and prioritize vulnerabilities, ensuring timely remediation and removing blockers to innovation, while ensuring that AppSec professionals have a single-pane-of-glass view into the organization’s application security risk profile.

Attacks on software supply chains have become more disruptive and sophisticated over the years. In fact, there has been an astonishing 742% average annual increase (as discovered in our State of the Software Supply Chain report) in software supply chain attacks. Moreover, the burden has started shifting from consumers to suppliers to build safer software applications and safeguard their reputation. Against this challenging backdrop, more than ever before, organizations need to urgently bolster their preparedness to mitigate risk in their code and thwart attempts by bad actors to target their most precious digital assets.

Why should you care?

This integration equips security teams with more tools to combat OSS vulnerability issues by providing better visibility so you can effectively manage risk. It represents a force-multiplier for cybersecurity readiness, empowering organizations to fortify their defenses and maintain a resilient security posture.

For customers that use both ServiceNow and Sonatype, vulnerable items fixed in Sonatype Lifecycle are imported into ServiceNow's Application Vulnerability Response (AVR). This creates a unified vulnerability management experience that combines software composition analysis (SCA) results from Sonatype Lifecycle with static application security testing (SAST) and dynamic application security testing (DAST) results from other systems in a single view. From this single pane, customers can triage based on risk and initiate workflows for quick analysis and remediation.

The Sonatype and ServiceNow integration offers key benefits for customers, including:

  • Faster remediation: Vulnerabilities are flagged swiftly, allowing developers to address and remediate issues quickly, significantly reducing the turnaround time and associated risks.
  • Improved collaboration: The integration fosters enhanced cooperation between development and security teams, ensuring vulnerabilities are addressed comprehensively and efficiently.


Getting started

Users can download the plug-in from the ServiceNow Store.

To learn more, access the Sonatype documentation page.

Written by Nitin Phadnis

Nitin Phadnis is a Senior Product Marketing Manager at Sonatype. When he's not working, Nitin loves spending time with family, reading, and watching F1 races.