Wiesbaden, January 21, 2021

It's no secret that Sonatype understands the power of a community and the importance of partnerships. That is the reason why they are so successful: Open source components or reusable software components developed by the community enable companies to save time and money and improve quality. They offer business flexibility and reduce (at least some) business-relevant risks. Quite simply, together we are often a good deal better.

For these reasons, Sonatype and SVA are excited about their partnership. At Sonatype, we know that we are better when we stand "shoulder to shoulder" with industry leaders, and SVA is one of those industry leaders that we will be working with in the future to expand the Nexus platform. This new partnership will also expand global reach and help even more companies build critical open source security and software composition analysis programmes to ultimately protect their software supply chains from known open source vulnerabilities from inception through to production.

"We have 23 locations in Germany and achieve optimal solutions for our customers by combining only high-quality IT products with IT best practices and more than 20 years of experience," explains Stefan Gärtner, Head of the CI/CD Competence Centre at SVA. "The goal of being able to deliver quickly in the future leads our customers to continuously increasing automation. Both security and application lifecycle management have to meet this demand. Sonatype's products, coupled with SVA's expertise, help our customers accelerate and optimise the delivery of high-quality software products. Among other things, Sonatype has a comprehensive database of vulnerability analysis and open source licence obligations, and provides continuous updates on licence changes or additions to meet governance guidelines."

Open source software components are so widely used that 90% of the code in most modern applications is composed of them. Understanding what is in an application is critical to ensuring its security. That's why the Nexus platform was developed. It automatically enforces open source governance and controls risk at every stage of the Software Development Lifecycle (SDLC). Thanks to Nexus Intelligence, a solution that includes detailed security, licensing and quality data on components from dozens of ecosystems, the Sonatype Nexus Platform accurately identifies open source risks and provides expert remediation guidance to help developers innovate faster. Perimeter and every phase of the SDLC is secured, including production, by continuously monitoring for new risks based on your open source policies.

Wai Man Yau, Sonatype's International General Manager, explains, "Sonatype has information on more than 100 million open source components, making it better positioned than anyone to protect global enterprises and identify and mitigate vulnerabilities. Through our partnership with SVA System Vertrieb Alexander GmbH, we can make this information available to even more companies and further expand DevSecOps and open source governance in the German market, providing customers with continuous automated security features they need to develop secure software."