What’s New in Q4 2025 – Onapsis Delivering New and Expanded Capabilities to Broaden SAP DevSecOps Coverage for Customers

Securing mission-critical SAP systems demands constant evolution to counter sophisticated attacks and zero-day exploits. As part of our commitment to your SAP cyberdefense, we are continually investing and innovating in our security products, and are releasing essential new features this Q4 to provide our customers with the best possible protection.

Key Takeaways

• New platform updates include SAP code security testing for SAP CI/CD, Bitbucket, and gCTS covering modern software development on SAP BTP
• New TMS Approval Workflow to block risky transports from reaching production
• New vulnerability scans and checks for SAP Web Dispatcher
• New monitoring for SAP Cloud Connector and Alert on Anything for HANA and Java logs

As the only SAP Endorsed App for cybersecurity, all of us at Onapsis take our mission to secure our clients’ business-critical SAP landscapes very seriously. Our product teams are constantly developing new and expanded capabilities to help protect our clients from the biggest threats to SAP while delivering security and compliance automation savings designed for today’s modern SAP environments. 

We’re excited to roll out a number of new updates to our market-leading Onapsis Control product line that advance greater security in both modern SAP and Cloud ERP application development environments, including integration with SAP Continuous Integration and Delivery (CI/CD), expanded Git repository support to secure more code at rest, and enhanced workflow integration with SAP Transport Management System (TMS). 

We’re also happy to announce new, expanded support for SAP Web Dispatcher and SAP Cloud Connector in our Assess and Defend products. Together, Onapsis is able to provide the most comprehensive SAP cybersecurity coverage–stretching from development to productive systems–to help our customers automate security and compliance checks, detect risks earlier and strengthen protection across your SAP landscapes as more and more SAP customers develop for and migrate to the cloud.

Why These Onapsis Platform Updates Matter Now

Over the last three years, threat intelligence from the Onapsis Research Labs noted that the time for exploitation for SAP-focused threat actors has decreased significantly while ransomware attacks targeting SAP applications have increased by 400%.  The Onapsis Research Labs also observed that new SAP applications in the cloud are being directly targeted and attacked within fewer than three hours of deployment. Considering 92% of organizations now classify their SAP data as mission critical, it’s more important than ever to ensure your mission-critical SAP landscape–whether on premises, in hybrid clouds, or in RISE with SAP deployments–are secured. 

Key Onapsis Platform Updates for Q4 2025

To help fight back and defend from these attacks, organizations need automated security controls embedded directly into development workflows. That’s exactly what we’re delivering today, with new capabilities including:

• New SAP CI/CD integration with coverage of SAP Business Technology Platform (BTP): Enables automated, continuous code security and compliance checks throughout the software development lifecycle, securing organizations extending their SAP landscape in the cloud
• Expanded Git repository coverage: Adds support for gCTS and Bitbucket, enhancing the ability to scan code early in development and enforce quality and security standards
• SAP TMS approval workflow: Scans transports automatically before they reach production, empowering teams to block transports when critical vulnerabilities are detected
• SAP Web Dispatcher support in Assess: Introduces dedicated vulnerability scan and checks for SAP’s secure web gateway, improving visibility into one of the most exposed entry points for SAP applications
• SAP Cloud Connector monitoring in Defend: Alerts on critical configuration changes to Cloud Connector that could violate security policies / controls frameworks or introduce risk to this essential asset
• Alert on Anything for HANA and JAVA assets in Defend: Gives customers flexibility to alert on additional activities captured in HANA and JAVA logs, allowing them to customize and expand their monitoring beyond the industry-leading detection rules and alert templates that ship with Defend to support their company’s specific security / compliance needs 

Strengthening SAP Security for the Future

“The recent exploitations of critical SAP vulnerabilities show just how quickly attackers can move on your business-critical applications once weaknesses are exposed,” said Mariano Nunez, CEO of Onapsis. “Defenders of critical, complex SAP environments are under a lot of pressure and, with the stakes higher than ever before, organizations can no longer afford to take unnecessary risks, depending on native tooling, manual processes, or reactive security. They need proactive security built in at every stage of development, taking you securely from development to production. Onapsis delivers security that evolves with your SAP environments and cloud transformations.”

“No other vendor secures SAP landscapes as completely as we do. As the only SAP-endorsed security partner offering protection across development, transport and runtime, we enable customers to achieve both speed and security without compromise,” said Sadik Al-Abdulla, Chief Product Officer at Onapsis. “With the rapidly growing adoption of RISE with SAP and SAP BTP, organizations need SAP cybersecurity that is cloud ready and fueled by deep threat research to protect themselves from the aggressive, sophisticated threat actors targeting vulnerable SAP cloud landscapes today.”

Availability

The SAP CI/CD integration is generally available today. All other features will be available at the end of Q4 2025. Contact your Onapsis sales representatives or authorized systems integrator for pricing and further details.

We look forward to speaking with you and helping you solve your SAP security and compliance challenges.

contact us

FAQs

1. What is the biggest new threat that these updates are designed to address?

While these updates address the accelerated threat landscape—where ransomware attacks are up 400% and new cloud applications are exploited in less than three hours—Onapsis ensures you have the best possible protection against this speed. We deliver the most comprehensive and rigorous SAP DevSecOps coverage on the market, stretching from development to productive systems. Our security controls are continuously fueled by the Onapsis Research Labs, which provides always up-to-date threat intelligence and the protection necessary to keep your mission-critical SAP systems resilient against the latest and most aggressive attacks, utilizing both Assess (for vulnerability and compliance checks) and Defend (for continuous monitoring and threat detection).

2. How does the new SAP CI/CD integration help me secure my cloud-based SAP development?

The new SAP CI/CD integration with coverage of SAP Business Technology Platform (BTP) enables automated, continuous code security and compliance checks throughout the entire software development lifecycle. This helps you ‘shift left’ your security by embedding checks early in the process. This new integration complements our existing CI/CD pipeline scanning capabilities for tools like Azure Pipelines and SAP Project Piper, ensuring complete coverage. By catching and fixing vulnerabilities at this stage, it drastically reduces the cost and effort required compared to finding and remediating issues later in testing or production, ultimately saving time and preventing delays.

3. How is Onapsis expanding its support for Git repositories, and what are the benefits?

We’ve expanded our Git repository coverage to include support for gCTS and Bitbucket. This enhancement significantly increases our ability to scan code early in the development lifecycle. By covering GitLab, GitHub, Azure Repos, abapGit, and SAPUI5, in addition to these new ones, we now secure the most used Git repositories for both ABAP and non-ABAP code, which is a unique and comprehensive offering. Scanning code at rest in these repositories allows organizations to enforce quality and security standards at the very beginning of the development process.

4. How do these updates enhance the security of the SAP Transport Management System (TMS)?

We’ve introduced a new SAP TMS approval workflow which scans transports automatically before they reach production. This capability empowers your teams to instantly block transports when critical vulnerabilities or risks are detected. This enhancement is crucial for solidifying the security of your traditional on-premise and hybrid SAP environments by ensuring that no risky code is promoted to your production system via the standard TMS process.

5. Do Onapsis vulnerability checks for SAP Web Dispatcher align with the SAP Security Baseline Template? 

Yes, our Assess vulnerability checks provide 100% coverage of the SAP Security Baseline Template control points for SAP Web Dispatcher. It’s important for us that our products – across the SAP stack, not just Web Dispatcher – allow our customers to easily see if they are following SAP’s security recommendations, in addition to the advanced recommendations from the experts at the Onapsis Research Labs.   

6. How does Onapsis help secure SAP Cloud Connector?

SAP Cloud Connector is supported by both Onapsis Assess and Defend, providing customers with both point-in-time vulnerability scans and continuous monitoring to help customers harden their instances and maintain secure configuration.

Assess replaces significant manual effort that would otherwise be needed to 1. understand how Cloud Connector should be configured and 2. audit your Cloud Connector settings against those best practices. Defend alerts on changes to Cloud Connector configurations that could take you out of a secure state or could violate your internal security policies or controls frameworks.