Automated Source Control Feedback
Sonatype Lifecycle provides policy violation information directly in your Source Control Management System. This lets developers find out about policy violations during the code development process.
The policy violation information includes policy evaluation summaries on new pull requests, comments on your pull requests, and automatically opened pull requests. Learn more about each feature below:
- Policy Evaluation Summaries
- Pull Request Commenting
- Pull Request Line Commenting
- Automatic Pull Requests
Prerequisites
All features require that the Lifecycle application be configured with an access token and a repository URL.
The table below identifies where features can be enabled and disabled:
Feature | Automatic Pull Requests | Automated Commit Feedback | Pull Request Commenting | Pull Request Line Commenting |
---|---|---|---|---|
Configuration | Configured at the Organization | Configured in the SCM Provider | Configured at the Organization | Enabled when Pull Request Commenting is enabled |
Golden PR for GitHub
The Sonatype IQ Server plugin for GitHub creates a Pull Request (PR) comment if it is able to determine a Golden Version of the component that can remediate the policy violation.
The Golden Version of the component is defined as recommended-non-breaking-with-dependencies.
The Sonatype IQ Server plugin for GitHub also creates a Golden Pull Request (PR) automatically if it is able to determine a Golden Version of the component that can remediate the policy violation. Refer to example 3 below.
Examples:
1. A top-level Golden PR comment for a Golden Version of a component is shown below. The version upgrade information indicates that bumping to that version will resolve all policy violations for this component (including its dependencies) and result in no breaking changes.
2. A Golden PR line comment is shown below. The Golden Version of the component is indicated by a gold star.
3. A Golden PR (indicated by a gold star) is created as shown below, indicating the suggested component version, i.e. the Golden Version. This is a safe-to-use version with no breaking changes and no policy violations (including its dependencies), and it can be used to remediate the policy violations.
Golden PR for GitLab
The Sonatype IQ Server plugin for GitLab creates a comment if it is able to determine a Golden Version of the component that can remediate the policy violation.
The Golden Version of the component is defined as recommended-non-breaking-with-dependencies.
The Sonatype IQ Server plugin for GitLab also creates a Golden Pull Request (PR) automatically if it is able to determine a Golden Version of the component that can remediate the policy violation. Refer to example 3 below.
Examples:
1. A top-level Golden PR comment for a Golden Version of a component is shown below. The version upgrade information indicates that bumping to that version will resolve all policy violations for this component (including its dependencies) and result in no breaking changes.
2. A Golden PR line comment is shown below. The Golden Version of the component is indicated by a gold star.
3. A Golden PR (indicated by a gold star) is created as shown below, indicating the suggested component version, i.e. the Golden Version. This is a safe-to-use version with no breaking changes and no policy violations (including its dependencies), and it can be used to remediate the policy violations.
Golden PR for Azure DevOps
The Sonatype IQ Server plugin for Azure DevOps creates a Pull Request (PR) comment if it is able to determine a Golden Version of the component that can remediate the policy violation.
The Golden Version of the component is defined as recommended-non-breaking-with-dependencies.
The Sonatype IQ Server plugin for Azure DevOps also creates a Golden Pull Request (PR) automatically if it is able to determine a Golden Version of the component that can remediate the policy violation. Refer to example 3 below.
Examples:
1. A top-level Golden PR comment for a Golden Version of a component is shown below. The version upgrade information indicates that bumping to that version will resolve all policy violations for this component (including its dependencies) and result in no breaking changes.
2. A Golden PR line comment is shown below. The Golden Version of the component is indicated by a gold star.
3. A Golden PR (indicated by a gold star) is created as shown below, indicating the suggested component version, i.e. the Golden Version. This is a safe-to-use version with no breaking changes and no policy violations (including its dependencies), and it can be used to remediate the policy violations.
Golden PR for Bitbucket
The Sonatype IQ Server plugin for Bitbucket creates a comment if it is able to determine a Golden Version of the component that can remediate the policy violation.
The Golden Version of the component is defined as recommended-non-breaking-with-dependencies.
The Sonatype IQ Server plugin for Bitbucket also creates a Golden Pull Request (PR) automatically if it is able to determine a Golden Version of the component that can remediate the policy violation. Refer to example 3 below.
Examples:
1. A top-level Golden PR comment for a Golden Version of a component is shown below. The version upgrade information indicates that bumping to that version will resolve all policy violations for this component (including its dependencies) and result in no breaking changes.
2. A Golden PR line comment is shown below. The Golden Version of the component is indicated by a gold star.
3. A Golden PR (indicated by a gold star) is created as shown below, indicating the suggested component version, i.e. the Golden Version. This is a safe-to-use version with no breaking changes and no policy violations (including its dependencies), and it can be used to remediate the policy violations.
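The Golden Version rule (recommended-non-breaking-with-dependencies) used in all four provider sections above, worked through on constructed candidate data. This is an added illustration, not Sonatype code; it assumes "non-breaking" means staying within the current major version, that the lowest qualifying version is preferred, and that the violation counts are constructed inputs.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Candidate:
    version: str
    violations: int             # policy violations on the component itself (constructed)
    dependency_violations: int  # policy violations across its dependencies (constructed)


def parse_version(v: str) -> tuple:
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def is_non_breaking(current: str, candidate: str) -> bool:
    # Assumption: an upgrade is non-breaking when it is a real upgrade that
    # stays within the same major version (no downgrades, no major bumps).
    cur, cand = parse_version(current), parse_version(candidate)
    return cand[0] == cur[0] and cand > cur


def golden_version(current: str, candidates: list) -> Optional[str]:
    """Lowest non-breaking candidate that clears violations on the component AND its dependencies."""
    eligible = [
        c for c in candidates
        if is_non_breaking(current, c.version)
        and c.violations == 0
        and c.dependency_violations == 0
    ]
    if not eligible:
        return None
    return min(eligible, key=lambda c: parse_version(c.version)).version


def pr_comment(component: str, current: str, candidates: list) -> str:
    """Render the kind of top-level remediation comment the page describes."""
    golden = golden_version(current, candidates)
    if golden is None:
        return f"{component} {current}: no Golden Version available"
    return f"{component} {current}: upgrade to {golden} (gold star)"


# Constructed sample data: only 1.3.1 satisfies every part of the rule.
CANDIDATES = [
    Candidate("1.2.4", violations=1, dependency_violations=0),  # component still violates
    Candidate("1.3.0", violations=0, dependency_violations=2),  # clean itself, dependencies are not
    Candidate("1.3.1", violations=0, dependency_violations=0),  # golden: lowest fully clean, same major
    Candidate("1.4.0", violations=0, dependency_violations=0),  # clean, but a higher bump than needed
    Candidate("2.0.0", violations=0, dependency_violations=0),  # clean, but a breaking major bump
]

if __name__ == "__main__":
    print(pr_comment("example-lib", "1.2.3", CANDIDATES))
```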