Case Study: Software AG achieves compliance checks in minutes with Sonatype Lifecycle

Software AG’s ARIS Maintains Legal Compliance and a Secure CI/CD Development Cycle with Sonatype

Software AG, the global enterprise software leader behind ARIS, needed to meet regulatory compliance at scale across a codebase of more than 20 million lines of code, thousands of third-party libraries, and dozens of microservices. Its in-house software composition analysis process relied on manual checks, which slowed development and couldn’t scale to match the team’s needs. Software AG turned to Sonatype Lifecycle to help automate compliance and keep developers moving fast.

Sonatype implemented Sonatype Lifecycle across Software AG’s CI/CD pipeline to automate license and copyright scanning, surface legal, security, and technical findings faster, and improve accuracy in compliance management. The impact was significant: legal compliance checks dropped from 2–3 weeks per release to just two minutes per commit, while also improving collaboration across development, security, and operations teams. Software AG also streamlined procurement and deployment by purchasing Sonatype products through AWS Marketplace.

Software AG

Rocco De Angelis

Director at ARIS R&D