ServiceNow unveiled the Yokohama platform release, including ServiceNow Studio which provides a unified workspace for rapid application development and governance.
Sonatype Acquires Vor Security
July 11, 2017
Sonatype has acquired Vor Security.
Ken Duck, founder and CEO of Vor will join the product and engineering team at Sonatype to continuously expand and refine the open source component intelligence service that underpins the Nexus platform.
As founder and CEO of Vor, Duck created the OSS Index, an innovative and free online index of known open source software vulnerabilities. Today, the index contains more than 2.1 million packages and detailed information on more than 120,000 vulnerabilities across an array of open source ecosystems.
Sonatype also introduced Nexus Lifecycle XC, a new data service delivered via the Nexus IQ server that will provide organizations with component intelligence covering a wide swath of open source ecosystems and formats including Ruby, PHP, Swift, CocoaPods, Golang, C, and C++.
Compared to the precisely accurate open source intelligence offered by Nexus Lifecycle for Java, JavaScript, NuGet, and PyPI -- traditional vendors of Software Composition Analysis (SCA) tools have long provided commodity open source intelligence across a broad spectrum of ecosystems.
Over time, organizations have come to value the unique accuracy of Nexus Lifecycle data for Java, JavaScript, NuGet, and PyPI; but they still require open source intelligence for a wide variety of other ecosystems. Beginning today, Sonatype is delivering a win-win intelligence engine that combines the depth of Lifecycle data for machine automated open source controls with the breadth of Lifecycle XC data for foundational open source governance.
“Empowering software development teams with broad and precise visibility into the open source supply chain is critical to practicing proper application security hygiene. Sonatype’s world-class team has led the way in bringing remarkably accurate component intelligence to the forefront of the DevOps movement, and I am excited to join forces with their amazing team and continue the journey,” said Ken Duck, CEO of Vor Security.
“Since its introduction in 2012, Nexus Lifecycle has seen tremendous acceptance in the market because it provides remarkably precise and accurate intelligence with respect to open source components across Java, JavaScript, NuGet, and PyPI. While enterprise customers, especially those practicing DevOps, place a premium value on the accuracy and precision of our Nexus Lifecycle data, they also need intelligence for a wide variety of other formats and ecosystems. The combination of Lifecycle and Lifecycle XC gives customers the best of both worlds -- a premium intelligence service that fully automates enforcement of open source policies inside of a DevOps pipeline, plus a stock data intelligence service to inform basic hygiene for all other ecosystems,” said Wayne Jackson, CEO of Sonatype.
Industry News
March 12, 2025
Sonar announced the upcoming availability of SonarQube Advanced Security.
March 12, 2025
ScaleOut Software introduces generative AI and machine-learning (ML) powered enhancements to its ScaleOut Digital Twins™ cloud service and on-premises hosting platform with the release of Version 4.
March 11, 2025
Kurrent unveiled a developer-centric evolution of Kurrent Cloud that transforms how developers and dev teams build, deploy and scale event-native applications and services.
March 11, 2025
ArmorCode announced the launch of two new apps in the ServiceNow Store.
March 10, 2025
Parasoft(link is external) is accelerating the release of its C/C++test 2025.1 solution, following the just-published MISRA C:2025 coding standard.
March 10, 2025
GitHub is making GitHub Advanced Security (GHAS) more accessible for developers and teams of all sizes.
March 10, 2025
ArmorCode announced the enhanced ArmorCode Partner Program, highlighting its goal to achieve a 100 percent channel-first sales model.
March 06, 2025
Parasoft(link is external) is showcasing its latest product innovations at embedded world Exhibition, booth 4-318(link is external), including new GenAI integration with Microsoft Visual Studio Code (VS Code) to optimize test automation of safety-critical applications while reducing development time, cost, and risk.
March 06, 2025
JFrog announced general availability of its integration with NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform.
March 06, 2025
CloudCasa by Catalogic announce an integration with SUSE® Rancher Prime via a new Rancher Prime Extension.
March 05, 2025
MacStadium(link is external) announced the extended availability of Orka(link is external) Cluster 3.2, establishing the market’s first enterprise-grade macOS virtualization solution available across multiple deployment options.
March 05, 2025
JFrog is partnering with Hugging Face, host of a repository of public machine learning (ML) models — the Hugging Face Hub — designed to achieve more robust security scans and analysis forevery ML model in their library.
March 05, 2025
Copado launched DevOps Automation Agent on Salesforce's AgentExchange, a global ecosystem marketplace powered by AppExchange for leading partners building new third-party agents and agent actions for Agentforce.
March 05, 2025
Harness completed its merger with Traceable, effective March 4, 2025.
