Sonatype Offers End-to-End AI Software Composition Analysis

The solution aims to help organizations manage open source AI/ML usage.

Sonatype has announced AI Software Composition Analysis (AI SCA), which extends the company’s platform to provide “instant visibility, policy, and control over your AI/ML usage in your applications and data pipelines.” AI SCA offers comprehensive AI model governance, including automated reports on AI/ML usage.

“It has never been easier for organizations to integrate open source AI models into software, but with open source AI consumption comes the same risk facing users of traditional open source. It is imperative that we, as an industry, secure their use now in order to prevent unmanageable security workloads in the future,” said Brian Fox, co-founder and CTO at Sonatype.

To help organizations manage open source AI/ML usage in software supply chains, the end-to-end solution provides:

  • Proactive AI threat detection
  • Centralized AI model governance
  • Automated AI policy management
  • AI observability and compliance

Learn more at Sonatype.

03/17/2025
