Sonatype Lifecycle Foundation

Configure custom policies and identify open source risk in your applications at every new build and deployment.

CUSTOM POLICIES

Establish your risk tolerance

Create custom security, license, and architectural policies to identify software risks at CI and deployment. Get the flexibility you need to keep your software secure.
PRECISE REPORTS

Gain visibility into components and trends

Automatically generate a precise software bill of materials (SBOM) with everything you need to know about which components and dependencies are being used and their risk levels. View trends related to Mean Time to Resolution (MTTR) and easily show risk reduction to senior management.

REMEDIATION GUIDANCE

Resolve vulnerabilities with expert advice

Access the most advanced remediation guidance provided by our world-class security research team, including exploit path, root cause, and actionable information to resolve the vulnerability. Give your frontline developers exactly what they need to remediate threats fast.

Add automation with Sonatype Lifecycle

| Features | Sonatype Lifecycle Foundation | Sonatype Lifecycle |
|---|---|---|
| Customized policy | yes | yes |
| Integrates with CI/CD | yes | yes |
| Software bill of materials | yes | yes |
| Remediation guidance (Waivers, license overrides) | yes | yes |
| Integration to the IDE | no | yes |
| Automatic enforcement (Fail builds, creates JIRA tickets, emails) | no | yes |
| Continuous monitoring | no | yes |
| Integration via webhooks | no | yes |
| Application grandfathering | no | yes |
| High Availability | no | yes |

Explore the Sonatype platform

Identify and resolve open source risk