Visual Studio Extension
Accelerate secure development with the Sonatype extension for Microsoft Visual Studio. This plugin integrates directly into Visual Studio, enabling you to automatically surface and remediate open source risk without leaving your integrated development environment (IDE).
Open Source Intelligence, Right in Your IDE
Get real-time insights into open source component risk during development with the Visual Studio integration. The extension scans your project files as you code and displays security, license, and policy information, all within the Visual Studio IDE.
With Sonatype Lifecycle running in the background, the Visual Studio extension automatically analyzes dependencies declared in your project files (e.g., pom.xml, package.json, requirements.txt) and flags components that violate your organization’s policies. Developers get immediate visibility into component quality, known vulnerabilities, and license compliance, without interrupting their coding flow.
Combining the power of Sonatype Lifecycle with Visual Studio helps development teams shift security left and make informed decisions earlier in the software development life cycle (SDLC).
Visual Studio Integration Features
Configuration
Authenticate the extension using your Sonatype Lifecycle instance URL and token. Once configured, the extension scans project files automatically.
Running Analysis
Run policy evaluations manually or configure them to run automatically on file open or save. The extension supports common formats used by npm, PyPI, and Maven.
Filter Results
Easily filter identified issues by severity, component name, or policy type, helping you prioritize what matters most.
Sorting
Sort vulnerabilities by criticality, age, or component version to quickly identify and act on high-risk issues.
Policy Evaluation Details
Get detailed information about policy violations directly in your IDE, including remediation guidance and CVE details.
Component Lookup
Search for specific components and their metadata, including known vulnerabilities and license details, without switching tools.
FAQs
What types of projects does the extension support?
The extension supports C# (NuGet), JavaScript/TypeScript (npm), and Python (PyPI) project types out of the box. It identifies and evaluates components defined in supported dependency files such as pom.xml, package.json, and requirements.txt.
Do I need a Sonatype Lifecycle license to use the extension?
Yes, the Visual Studio extension is designed to work with Sonatype Lifecycle. You’ll need access to a Lifecycle instance and a valid token to authenticate and evaluate components.
Is this extension available for Visual Studio on Mac or Linux?
The Visual Studio Code extension is cross-platform and works on macOS, Linux, and Windows. The Visual Studio 2022 extension is available for Windows only.