On March 4, Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open source governance, Sonatype now extends its trusted platform to protect, manage, and optimize AI/ML models across development and deployment. Sonatype is the first and only company providing an end-to-end AI SCA solution, ensuring that enterprises can adopt AI with the same level of safety and productivity as traditional open source.
Open source AI/ML adoption is soaring — over the last 12 months, Sonatype has identified more than 300,000 models within customer software supply chains. As organizations rush to integrate AI-powered software and agentic AI solutions, they face the same security, compliance, and governance challenges that once plagued open-source software adoption.
“No one knows open source like Sonatype, and AI is the next frontier. Just as we revolutionized open source security, we are now doing the same for AI,” said Mitchell Johnson, chief product development officer at Sonatype. “We are the first company to address the entire AI/ML supply chain — giving enterprises and developers the confidence to deliver AI-powered solutions without compromising security, compliance, or velocity. By integrating seamlessly into existing DevOps workflows, we ensure developers can innovate freely while staying secure.”
In The Forrester Wave: Software Composition Analysis (SCA) Software, Q4 2024 report, the Forrester analyst noted Sonatype’s forthcoming AI capabilities would “catapult Sonatype ahead on both software supply chain and generative AI (genAI) SCA” and awarded Sonatype the highest possible marks in several categories, including AI component analysis.
“It has never been easier for organizations to integrate open source AI models into software, but with open source AI consumption comes the same risk facing users of traditional open source. It is imperative that we, as an industry, secure their use now in order to prevent unmanageable security workloads in the future,” said Brian Fox, co-founder and CTO at Sonatype. “We are proud to offer developers and security teams an end-to-end platform that provides the visibility and governance capabilities needed to use AI models safely, setting organizations up for easy and efficient long-term security.”
Source: Sonatype