
Control open source risk across your SDLC

ENTERPRISE SECURITY
Monitor
Get alerts of new vulnerabilities based on risk level and applications affected.
Remediate
Improve incident response times with precise identification and vulnerability location.
Scale
Reduce manual compliance checks by enforcing customizable policies automatically.
Empower
Give developers the tools they need to choose healthier open source components.

SDLC risk control in action

“Using Sonatype Lifecycle, we’re able to identify risks earlier than ever before in the development process — especially compared to six months ago. Sonatype Lifecycle works very well within our DevOps practice.”

for developers
Deliver quality code fast

Control risk without switching tools
Code quality from the start
Remediate vulnerabilities fast
“We selected Sonatype Lifecycle because it has a very, very detailed explanation of the open source vulnerabilities and dependencies compared to other products.”

for security teams
Manage open source vulnerabilities

Monitor for open source risk
Enforce policy automatically
Generate a Software Bill of Materials
“Automated monitoring is the primary reason we chose Sonatype Lifecycle. It alleviates the time-consuming manual processes that inhibit scaling. We want to be able to have our eyes on the code and have Sonatype Lifecycle tell us when there’s something requiring our attention.”

Run products anywhere
Cloud
Self-Hosted
Air-Gapped

Work with the tools you already use
Lifecycle tool integrations

Azure DevOps

Jenkins

Atlassian Bamboo

Chrome Extension
Identify the risk within a package before you even download it with our Chrome extension.

Ahab
Scan base OS (Debian, Fedora, Alpine) packages for vulnerabilities.

Nancy
Scan Golang projects for vulnerable third party dependencies.

Eclipse
Empower developers with precise component intelligence directly within the Eclipse IDE.

IntelliJ IDEA
Empower developers with precise component intelligence directly within IntelliJ IDEA.

Microsoft Visual Studio
Empower developers with precise component intelligence directly within Microsoft Visual Studio.

GitHub
Sonatype Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.

GitLab
Sonatype Lifecycle pushes component intelligence into GitLab where developers can view and respond to policy violations without breaking a build.

Atlassian Bitbucket
Sonatype Lifecycle pushes component intelligence into Bitbucket where developers can view and remediate policy violations with detailed Code Insights.

Maven
Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.

Gradle
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository Manager.

Jira
Auto-create Jira tickets when policy violations are triggered in Sonatype Lifecycle.

Slack
Communicate policy results to stakeholders via Slack.

Micro Focus Fortify
Gain a 360-degree view of all your application security issues with integration to Fortify SSC and Fortify On-Demand.

ThreadFix
View Sonatype Lifecycle data in the ThreadFix dashboard for a single view of application security issues.

Kenna
View open source risk and policy violations with the Kenna security dashboard.

Docker
Automate container security and scale DevOps with Lifecycle container analysis.

Red Hat Clair
Sonatype Lifecycle integrates with Red Hat Clair to evaluate application, runtime, and OS level vulnerabilities within IQ for a single view into container risk.

DockerHub
Configure a DockerHub webhook listener that consumes events and performs an IQ Lifecycle scan.

OpenShift
Use Sonatype to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Amazon Web Services
Manage and secure open source and third-party components in the cloud with Sonatype Nexus Repository and IQ Server.

Lifecycle language support

Lifecycle package support
“We wanted fast solutions, but also wanted those to be secure solutions. With Lifecycle, we can help programmers make the right decisions and make their software more secure. That's why we chose Sonatype Lifecycle.”