Skip to main content

Golden Versions

The Golden Version

Sonatype's Component Intelligence scores a component version as the Golden Version if it falls under the recommended-non-breaking-with-dependencies category of recommendation.

This is a safe-to-use version of the component (including its dependencies) with no resulting breaking changes, that can be used for upgrade to remediate the reported policy violation.

NOTE: The Golden Version recommendation is currently available for the Maven ecosystem only.

Spotting the Golden Version

If Sonatype Component Intelligence finds a Golden Version for a component, the Recommendation Column in the Priorities View will show as "Non-breaking upgrade resolving issues for this component and its dependencies"

Priorities_dashboard_Golden_version.png

Click on the row, to view the Golden Version of the component on the component details page

Golden_ver_component_det.png

Spotting Golden Versions in IDEs

If Sonatype Component Intelligence finds a Golden Version for a policy violation, it can flag the suggestion in the supported Integrated Development Environment (IDE). The Golden Version can then be easily applied by the developers, seamlessly within the context of the IDE.

Prerequisites to view Golden Versions in the IDE:

  • Your IDE has been integrated with one of the available Sonatype IQ Server plugins for IDE.

The IQ Server IDE plugins that are currently support Golden PR are:

  1. IntelliJ IDEASonatype for IDEA

  2. Visual Studio CodeSonatype for VS Code

  3. Eclipse

The Golden PR

Sonatype IQ Server plugins for Source Control Management (SCM) can create PRs (pull request) with comments to upgrade dependencies to the recommended Golden Version. These versions are upgrade suggestions that will not cause breaking changes, while remediating the policy violation.

Using Golden Version recommendations you can enhance the fix rate for version upgrades by simplifying

Prerequisites to view Golden PRs in the SCM system

  1. Your SCM environment has been integrated using one of the available Sonatype IQ Server plugins.

  2. Check the Sonatype Developer dashboard to see if the application has been configured to use automatic SCM Feedback.

  3. Automated Pull Requests is enabled for the SCM.

Spotting Golden PRs Source Control Management Systems

The IQ Server plugins that currently support Golden PRs are: