Introduction
HPE has always prioritized cutting-edge security practices, continually adapting to meet the evolving challenges of using open-source software. This case study describes how the organization moved from the limitations of its previous solution to greater efficiency and risk clarity with Hopper.
Challenges Faced
While HPE had success with its legacy SCA tool in managing its growing use of open-source dependencies, several gaps emerged over time:
- Alert fatigue due to an overwhelming number of non-actionable vulnerability reports
- Areas of unscanned code and blind spots in transitive dependencies
- Delays in vendor support that hindered fast incident response
- Inefficient collaboration between AppSec and development teams
- Risk of operational disruption due to false positives triggering unnecessary updates
These challenges led the team to seek a modern solution purpose-built for deeper insight and reduced operational burden.
Solution Implemented
HPE selected Hopper after a hands-on pilot based on four key capabilities:
- Function-level reachability analysis to prioritize only reachable and exploitable vulnerabilities
- Agentless integration that required no CI/CD or infrastructure changes
- Developer-aligned remediation guidance that brought clarity and focus to vulnerability management
- Slack-based ChatOps integration that delivered real-time security insights directly into team workflows
One defining moment occurred during the evaluation of a reported vulnerability in the go-quick library used by the Axis Agent team. Hopper identified the vulnerability as non-reachable, accurately flagging it as a false positive. This saved the team from launching a system-wide update, preventing costly downtime and engineering rework.
"What shined with Hopper was the OSS focus: open-source software went from being a weak spot to our superpower. It shifted our thinking around open-source."
— Nokky Goren, Director of Engineering, Hewlett Packard Enterprise
Results Achieved
By adopting Hopper, HPE achieved the following outcomes:
- Eliminated 92% of security alert noise, enabling teams to focus on what matters
- Accelerated incident response with 10x faster MTTR
- Avoided an unnecessary deployment cycle and preserved customer uptime, saving $340K
- Reclaimed over $500K in developer time by reducing alert triage and patch planning
- Strengthened collaboration between security and engineering through evidence-based validation
- Streamlined compliance reporting, saving $60K in manual reporting effort
"With Hopper, we achieved 92% noise reduction, avoided a deployment cycle and customer downtime, and saw a $1.4M ROI from faster incident resolution, improved productivity, and tighter audit readiness."
— Nokky Goren, Director of Engineering, Hewlett Packard Enterprise
Conclusion
Hopper empowered HPE to reclaim developer time, reduce business risk, and eliminate inefficiencies that were slowing down the security lifecycle. With a seamless deployment and a clear focus on what’s truly exploitable, Hopper delivered measurable value from day one. The result: faster response, fewer distractions, and more confidence in open-source security at scale.