Software AG’s ARIS Maintains Legal Compliance and a Secure CI/CD Development Cycle with Sonatype

Business leaders in any industry know that operating an efficient organization is essential to success, and that is the specialty of global enterprise software vendor Software AG and its process mining and analysis tool, ARIS. With a worldwide customer base, it is crucial that Software AG delivers systems that are both secure and compliant.

The Challenge

Meeting regulatory compliance at scale, automating policy enforcement, and proactively managing threats.
  • More than 20 million lines of code across the ARIS suite's code base
  • Pulling from over 3,000 third-party libraries
  • More than 40 microservices sharing 70 larger common components

Software AG had been using an in-house software composition analysis (SCA) tool to pull license and copyright information from all third-party repositories and libraries.

  • Manual checks required a significant amount of time
  • The team did not have the staff to scale the process accordingly

The Solution

Shifting Left and Automating License Compliance

A comprehensive, automated compliance management solution was needed to prevent bottlenecks in the software development lifecycle. Software AG now uses Sonatype Lifecycle across its entire CI/CD pipeline and benefits from:

  • The ability to pull copyright and licensing information automatically
  • Accurate data and the ability to quickly surface legal or security findings that need attention
  • Thorough scanning and analysis of all third-party components and their license obligations

“In the past, with our previous SCA tool, the entire legal compliance process took 2-3 weeks for one release. Now, with Sonatype Lifecycle fully integrated into our CI/CD pipeline, the software compliance check takes two minutes.”

– Rocco De Angelis
Director at ARIS R&D, Software AG

The Result

Reducing the Legal Compliance Process From Weeks to Minutes

By automating the identification of compliance issues, Sonatype Lifecycle enables quick remediation of findings so that releases meet quality and security standards.

  • The legal compliance process previously took 2-3 weeks for one release
  • Today it has been reduced to just two minutes per commit
  • Integrating Sonatype Lifecycle has fostered better collaboration between development, security, and operations teams

In addition to these benefits, purchasing Sonatype products through AWS Marketplace allowed Software AG to consolidate its spending on development infrastructure services and to speed up both procurement and deployment.