
Forrester recognizes Sonatype as a market leader in software composition analysis market

After an in-depth evaluation of 10 SCA solutions across 37 criteria covering how they address the needs of security professionals and developers, Sonatype’s Nexus platform was recognized as a market leader, with strong performance and the largest market presence among all companies analyzed in The Forrester Wave: Software Composition Analysis, Q3 2021.

The recognition highlights the creation of a solution that automates all parts of software supply chain security, with an emphasis on open source security. More importantly, it shows how vital it is for organizations to have full control of their cloud-native development lifecycles, including third-party open source, in-house source code, infrastructure-as-code (IaC) and containerized code.

Key findings:

Stellar policy management, backed by precision data.
Forrester points to Sonatype’s superior policy capabilities and license and vulnerability remediation as key reasons for success. According to the report:

“Policy is an area of strength for Sonatype, with out-of-the-box policies that align with a variety of standards (particularly in the IaC suite) and a policy engine that allows users to create and assign policies to certain types of applications.”

The bottom line is to give organizations control of their code. Across the Nexus platform, customers can create custom security, licensing and architecture policies based on the type of application or organization and contextually enforce those policies at each stage of the software development lifecycle.

Sonatype has the broadest, deepest and most actionable database of open source components and vulnerabilities. Its advanced binary fingerprinting (ABF) examines the fingerprints of the components themselves, not just file names and package manifests, to accurately identify risk. It is this accuracy that allows Sonatype to promise few false positives and false negatives, so when customers set a policy, they know they can trust it.

Expanded portfolio and full-spectrum software supply chain automation.
Forrester highlighted the broad ability to automate the entire software supply chain as a strength. In March, Sonatype announced its “new” Nexus platform and, more recently, Sonatype Lift, both of which help make life easier for developers and security teams.

As security concerns around supply chains took center stage this year, Sonatype has implemented solutions that offer customers full-spectrum control of the cloud-native software development lifecycle, including:

– Third-party open source code
– Source code origin
– IaC
– Containerized code
– InnerSource

As Panorama Technologies, we are proud to be a Sonatype partner and to be able to help our customers improve security and speed in their development cycles.


Source: Forrester

