Visual Studio Extension

Accelerate secure development with the Sonatype extension for Microsoft Visual Studio. The extension integrates directly into Visual Studio, letting you surface and remediate open source risk without leaving your integrated development environment (IDE).


Open Source Intelligence, Right in Your IDE

Get real-time insights into open source component risk during development with the Visual Studio integration. The extension scans your project files as you code and displays security, license, and policy information, all within the Visual Studio IDE.

With Sonatype Lifecycle running in the background, the Visual Studio extension automatically analyzes the dependencies declared in your project files (e.g., pom.xml, package.json, requirements.txt) and flags components that violate your organization's policies. Developers get immediate visibility into component quality, known vulnerabilities, and license compliance without interrupting their coding flow.

Visual Studio Integration Features

Configuration

Authenticate the extension with your Sonatype Lifecycle instance URL and an access token. Once configured, the extension scans project files automatically.

Running Analysis

Run policy evaluations manually, or configure them to run automatically when a file is opened or saved. The extension supports the common manifest formats used by npm, PyPI, and Maven.

Filter Results

Easily filter identified issues by severity, component name, or policy type, helping you prioritize what matters most.

Policy Evaluation Details

Get detailed information about policy violations directly in your IDE, including remediation guidance and CVE details.

Component Lookup

Search for specific components and their metadata, including known vulnerabilities and license details, without switching tools.

Sorting

Sort vulnerabilities by criticality, age, or component version to quickly identify and act on high-risk issues.

Microsoft Visual Studio Resources

Visual Studio Integration Documentation


Integration on Visual Studio Marketplace


FAQs

What types of projects does the extension support?

The extension supports C# (NuGet), JavaScript/TypeScript (npm), and Python (PyPI) project types out of the box. It identifies and evaluates components defined in supported dependency files such as pom.xml, package.json, and requirements.txt.

Do I need a Sonatype Lifecycle license to use the extension?

Yes. The Visual Studio extension is designed to work with Sonatype Lifecycle. You need access to a Lifecycle instance and a valid token to authenticate and evaluate components.

Is this extension available for Visual Studio on Mac or Linux?

The Visual Studio Code extension is cross-platform and works on macOS, Linux, and Windows. The Visual Studio 2022 extension is available for Windows only.