One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Progress Software and Nexus Lifecycle

Fast and Reliable at Discovering Open Source Risk

Since 1981 Progress has been committed to delivering market-leading technology innovations that empower their partners and customers to dramatically improve the development, deployment, integration and management of their business applications. Their technology is used by nearly 140,000 organizations in more than 180 countries.

The Challenge: Addressing the Increasing Complexity and Risk of Open Source Licensing

Progress Software wanted to acquire decision management firm Corticon, and integrate their business rules engine into a number of Progress products. While mergers and acquisitions (M&A) have always been complicated, an increasing awareness of open source licensing complexity and risk adds another important dimension to the due diligence process. Progress needed to ensure that there were no GPL components included in Corticon’s product to avoid any unforeseen risks in the acquisition or product integration.

The Solution: Embracing Nexus Lifecycle to Provide Rapid Application Composition Analysis

Progress turned to Sonatype as they were the only company that could provide the rapid application composition analysis required for due diligence via Nexus Lifecycle (formerly Component Lifecycle Management — CLM). “Many companies choose to ignore open source licensing compliance, but verifying and validating intellectual property to avoid potential licensing conflicts is essential at Progress,” said John Goodson, Senior VP of Products for Progress. “Sonatype provided the tools and support we needed to streamline due diligence, reduce risk, and move forward with confidence.”


The Outcome: A Lightweight, Fast, and Easy-to-Use Solution to Software Composition Analysis

Progress used Nexus Lifecycle to quickly confirm Corticon’s code was free of licensing issues. “In the past, we used time-consuming manual processes to vet third-party license compliance,” said Biao Wang, Director of Product Operations and Release Management for Progress. “Using the Sonatype product, we were able to deconstruct the composition of Corticon’s application in a matter of minutes.” Lightweight, fast, and easy-to-use, Nexus Lifecycle quickly analyzed Corticon’s code to validate license integrity and compliance with Progress corporate policies. Component licensing details were displayed on a secure customizable dashboard. And the Sonatype team was available to answer questions during analysis by the Progress team. “Sonatype helped us understand all of the licenses and components contained in Corticon’s application and verify that our acquisition could proceed without our taking any unnecessary intellectual property risks,” said Goodson. “We will continue to use the Sonatype product and highly recommend it to organizations looking for a fast, reliable tool to discover potential open source license risk.”
