Golden Versions

Sonatype's Component Intelligence scores a component version as the Golden Version if it falls under the recommended-non-breaking-with-dependencies category of recommendation.

This is a safe-to-use version of the component (including its dependencies) with no resulting breaking changes, that can be used for upgrade to remediate the reported policy violation.

NOTE: The Golden Version recommendation is currently available for the Maven ecosystem only.

Spotting the Golden Version

If Sonatype Component Intelligence finds a Golden Version for a component, the Recommendation Column in the Priorities View will show as "Non-breaking upgrade resolving issues for this component and its dependencies"

Click on the row, to view the Golden Version of the component on the component details page

Spotting Golden Versions in IDEs

If Sonatype Component Intelligence finds a Golden Version for a policy violation, it can flag the suggestion in the supported Integrated Development Environment (IDE). The Golden Version can then be easily applied by the developers, seamlessly within the context of the IDE.

Prerequisites to view Golden Versions in the IDE:

• Your IDE has been integrated with one of the available Sonatype IQ Server plugins for IDE.

The IQ Server IDE plugins that are currently support Golden PR are:

1. IntelliJ IDEASonatype for IDEA

2. Visual Studio CodeSonatype for VS Code

Sonatype IQ Server plugins for Source Control Management (SCM) can create PR (pull request) comments to upgrade dependencies to the recommended Golden Version. These versions are upgrade suggestions that will not cause breaking changes, while remediating the policy violation.

Using Golden Version recommendations you can enhance the fix rate for version upgrades by simplifying

Prerequisites to view Golden PR Comments in the SCM system