Cigniti Technologies Announces Partnership With Sonatype, Extends AppSec Offering With Best-In-Class Software Composition Analysis


With the Sonatype Nexus Platform, Cigniti now helps customers shift left and automate open source security at every stage of the software development lifecycle

LONDON –Jan. 6, 2020 - Cigniti Technologies, a global leader in independent quality engineering and software testing services, today announced a partnership with Sonatype, the company that scales DevOps through open source governance and software supply chain automation, to help enterprise customers innovate faster and easily mitigate security risk inherent in open source. 

By partnering with Sonatype, Cigniti is able to offer its clients the powerful Nexus Platform, in turn, enabling them to automatically enforce open source governance and control risk across every phase of the software development lifecycle (SDLC). Fueled by Nexus Intelligence, which includes in-depth security, license, and quality information on more than 100M open source components across dozens of ecosystems, the Nexus Platform precisely identifies open source risk and provides expert remediation guidance, empowering developers to innovate faster. Only Nexus secures the perimeter and every phase of your SDLC, including production, by continuously monitoring for new risk based on your open source policies.

“As experts in continuous delivery, Cigniti has worked hard to help its customers implement a mature DevSec pipeline. As such, many of our global customers have inquired about software composition analysis to help protect their toolchains, said Pradeep Govindasamy, CTO & President at Cigniti Technologies. “Partnering with Sonatype, who has the in-depth, precise intelligence around open source vulnerabilities, allows us to offer an ever-deeper sense of security to our customers. There is a clear synergy between Sonatype and Cigniti to create a successful partnership.”

The Sonatype Nexus Platform provides myriad benefits to its users, that enable them to focus on innovating, and harnessing the power of open source, rather than worrying about its risk. For instance customers see:

  • 99% reduction in time spent reviewing and approving OSS components
  • 26x faster identification and remediation of OSS vulnerabilities
  • 70% smaller windows of exploitability from adversary attacks on OSS components
  • 20x faster searches and downloads of OSS components by developers

"Sonatype has been working with global enterprise customers for over a decade to identify and mitigate millions of security vulnerabilities and protect their software supply chains," said Wai Man Yau, General Manager International, Sonatype. "Through our partnership with Cigniti, we'll be able to further enhance DevSecOps in new regions, providing customers with the continued automated security features they need to build secure software."

Additional Resources 

To learn more about how Cigniti or Sonatype can help your organisation build safe, secure, high quality software, visit and 

About Cigniti Technologies:

Cigniti Technologies is a Global Leader in Independent Quality Engineering & Software Testing services. Cigniti’s 2,500+ experienced professionals are spread across the UK, US, Canada, Australia, India, UAE, and South Africa. We are a strategic quality engineering partner for leading global organisations and assist them in accelerating time-to-market by predicting and preventing unanticipated failures, leveraging AI-driven, proprietary Continuous Testing & Test Automation solutions, with customer-centricity at the core of the transformation. Our test offerings are Quality Engineering, Advisory & Transformation, Digital Assurance, and Quality Assurance solutions.

About Sonatype:

Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,200 enterprise customers, and is trusted by more than 10 million software developers.  Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit, or connect with us on Facebook, Twitter, or LinkedIn