SONATYPE LIFECYCLE

Control open source risk across your SDLC

Automatically find and fix open source vulnerabilities across the SDLC.

SDLC risk control in action

“Using Sonatype Lifecycle, we’re able to identify risks earlier than ever before in the development process — especially compared to six months ago. Sonatype Lifecycle works very well within our DevOps practice.”
PREM RANGANATH
VP of Quality and Risk Management, Trilliant

for developers

Deliver quality code fast

Control risk without switching tools

Choose healthier components right from your IDE or source control, as easily as adding packages.

Code quality from the start

Prevent unplanned work, security breaches, and maintainability issues with early detection and remediation.

Remediate vulnerabilities fast

Know the exact location of any component and its dependencies. Get precise intelligence to fix threats fast.

“We selected Sonatype Lifecycle because it has a very, very detailed explanation of the open source vulnerabilities and dependencies compared to other products.”
Ufuk Tankurt
Chief Architect, KKB

for security teams

Manage open source vulnerabilities

Monitor for open source risk

Receive ongoing monitoring and alerts for new vulnerabilities, filtered by component, risk level, or affected application.

Enforce policy automatically

Customize policies to meet specific compliance goals and ensure they are enforced across a variety of development tools, without sacrificing speed.

Generate a Software Bill of Materials

Gain full visibility into each application in minutes, enabling quick remediation of vulnerabilities based on detailed intelligence.

“Automated monitoring is the primary reason we chose Sonatype Lifecycle. It alleviates the time-consuming manual processes that inhibit scaling. We want to be able to have our eyes on the code and have Sonatype Lifecycle tell us when there’s something requiring our attention.”
DAVID BLEVINS
CEO, Tomitribe

Don't slow the pace of innovation.

Run products anywhere

Flexible deployment options let you run anywhere—without the operational hurdles. Deploy easily with world-class support from our Technical Support team at no additional cost.

Cloud

Get started right away. Streamline your infrastructure and rapidly scale with cloud solutions hosted on AWS and managed by Sonatype.
Available for: Firewall, Lifecycle

Self Hosted

Unlock maximum flexibility. Choose to host on your own servers or in a cloud environment of choice.
Available for: Firewall, Repository, Lifecycle

Air-Gapped

Adhere to the strictest security standards for government and affiliated organizations. Sonatype offers the only software supply chain solution for air-gapped environments.
Available for: Firewall, Repository, Lifecycle

Work with the tools you already use

Lifecycle tool integrations

Azure DevOps

Use Sonatype to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Jenkins

Use Sonatype to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Atlassian Bamboo

Use Sonatype to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Chrome Extension

Identify the risk within a package before you even download it with our Chrome extension.

Ahab

Scan base OS (Debian, Fedora, Alpine) packages for vulnerabilities.

Nancy

Scan Golang projects for vulnerable third-party dependencies.

Eclipse

Empower developers with precise component intelligence directly within the Eclipse IDE.

IntelliJ IDEA

Empower developers with precise component intelligence directly within IntelliJ IDEA.

Microsoft Visual Studio

Empower developers with precise component intelligence directly within Microsoft Visual Studio.

GitHub

Sonatype Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.

GitLab

Sonatype Lifecycle pushes component intelligence into GitLab where developers can view and respond to policy violations without breaking a build.

Atlassian Bitbucket

Sonatype Lifecycle pushes component intelligence into Bitbucket where developers can view and remediate policy violations with detailed Code Insights.

Maven

Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.

Gradle

Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository Manager.

Jira

Auto-create Jira tickets when policy violations are triggered in Sonatype Lifecycle.

Slack

Communicate policy results to stakeholders via Slack.

Micro Focus Fortify

Gain a 360-degree view of all your application security issues with integration to Fortify SSC and Fortify On-Demand.

ThreadFix

View Sonatype Lifecycle data in the ThreadFix dashboard for a single view of application security issues.

Kenna

View open source risk and policy violations with the Kenna security dashboard.

Docker

Automate container security and scale DevOps with Lifecycle container analysis.

Red Hat Clair

Sonatype Lifecycle integrates with Red Hat Clair to evaluate application, runtime, and OS-level vulnerabilities within IQ for a single view into container risk.

DockerHub

Configure a DockerHub webhook listener that consumes events and performs an IQ Lifecycle scan.

OpenShift

Use Sonatype to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Amazon Web Services

Manage and secure open source and third-party components in the cloud with Sonatype Nexus Repository and IQ Server.

Lifecycle language support

Java
JavaScript
Python
C#
Ruby
Scala
R
Swift
Clojure
Go
Gosu
PHP

Lifecycle package support

Maven
npm
Docker
PyPI
NuGet
Yum
Go
RubyGems
APT
Helm
Git LFS
Conan

“We wanted fast solutions, but also wanted those to be secure solutions. With Lifecycle, we can help programmers make the right decisions and make their software more secure. That's why we chose Sonatype Lifecycle.”
Stefan Simenon
Head of Centre of Expertise of Software Development & Tooling, ABN-AMRO

6x decrease in time to deployment

Reduce your risk across software development