Sonatype Announces Integration with ServiceNow to Streamline Software Composition Analysis

New collaboration enables ServiceNow customers to integrate Sonatype Lifecycle for faster, more efficient remediation of open source application vulnerabilities

Fulton, Md., May 16, 2024 (GLOBE NEWSWIRE) -- Sonatype, the software supply chain optimization company, announced today an integration with ServiceNow, the AI platform for business transformation, to incorporate Sonatype Lifecycle software composition analysis and open source vulnerability scans directly into existing workflows. This accelerates the response to application vulnerabilities, particularly in open source software components, enhancing security measures and remediation efforts across enterprise environments.

For customers that use both ServiceNow and Sonatype, the integration enables the seamless transfer of vulnerability scan results from Sonatype Lifecycle directly into ServiceNow’s Application Vulnerability Response (AVR), creating a unified vulnerability management experience combining SCA, SAST and DAST results from other systems. From this single plane, customers can triage based on risk and initiation of workflows for quick analysis and remediation.

"Bad actors are constantly evolving their attack methods to be quicker and more agile. It’s our job, to ensure customers have our unique open source data and malware protection, when and where they need it, to keep them one-step ahead of attackers,” said Mitchell Johnson, chief product development officer at Sonatype. “The integration with ServiceNow makes it even easier for our customers to stay ahead. It ensures that vulnerabilities are identified, tracked and remediated more efficiently, in turn reducing the risks associated with open source software vulnerabilities while saving time and money. By combining our efforts, we empower developers and security teams to collaborate more closely and respond to security risks with greater speed and precision.”

“Partnerships succeed best when we lean into our unique skills and expertise and have a clear view into the problem we’re trying to solve,” said Erica Volini, senior vice president of global partnerships at ServiceNow. "Sonatype’s Lifecycle integration extends our reach well beyond where we can go alone and represents the legacy and goals of the Now Platform. I am thrilled to see the continued innovation we will achieve together to help organizations succeed in the era of digital business.”

The newly integrated solution offers key functionalities including automated import of application vulnerabilities and predefined workflows for effective vulnerability lifecycle management. This enhances the capabilities of users within Sonatype’s customer base, allowing them to better prioritize and remediate security issues.

Key benefits for customers from this integration include:

  • Faster Remediation: Vulnerabilities are flagged swiftly allowing developers to address and remediate issues quickly, significantly reducing the turnaround time and associated risks.
  • Improved Collaboration: The integration fosters enhanced cooperation between development and security teams, ensuring vulnerabilities are addressed comprehensively and efficiently.

The free plugin, which facilitates this integration, is available to all Sonatype Lifecycle customers in the ServiceNow Store. It promises a streamlined experience that not only enhances visibility into application vulnerabilities but also ensures they are managed and remediated promptly within the ServiceNow environment.

For more information on this integration and how it can benefit your organization, please visit the ServiceNow store or

About Sonatype

Sonatype is the software supply chain optimization company. We provide the world’s best software supply chain optimization technology and intelligence, empowering enterprises to create and maintain secure, quality, and innovative software at scale. As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains. To learn more about Sonatype, please visit

ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries.  


Sonatype and ServiceNow

Contact Data