Integrations Capability Matrix
Our developers are continuously improving and adding new capabilities to Lifecycle integrations. As they develop new capabilities, they are rolled out to the various platforms and deployment options. This document maps which features are currently available with which deployment. If you do not see the supported feature you expect, please submit your request through the ideas.sonatype.com portal.
Integrations to Lifecycle require a license, while Lifecycle integrations with Nexus Repository require a Sonatype Lifecycle or Repository Firewall license and a Nexus Repository Pro license.
The following summarizes our current integration offerings with leading DevOps toolchain applications and technology stacks.
CI/CD Systems
Jenkins | Azure DevOps | Bamboo | Circle CI | ||||
Server | Cloud | Server | Cloud | Server | DataCenter | CircleCI | |
Policy Evaluation Perform a policy evaluation within build pipeline |
|
|
|
|
|
| |
Policy Summary Get policy evaluation summary within build pipeline |
|
|
|
|
|
| |
Publish to Nexus Repository Ability to push build artifacts to Nexus Repository |
|
| |||||
Dashboard Widgets View summary policy evaluation information in graphical form within build pipeline |
|
|
| ||||
Build Failure Report View detailed policy evaluation results within build pipeline |
|
|
| ||||
Legend: 
= Supported, 
= Not Tested, 
= Community
Source Control Management (SCM)
Azure DevOps | Bitbucket | GitHub | GitLab | ||||||
Services | Server | Cloud | Server | DataCenter | Cloud | Enterprise | Cloud | Enterprise | |
SCM Onboarding Quickly onboarding source repositories into Lifecycle. |
|
|
|
|
|
|
|
|
|
Build Status |
|
|
|
|
|
|
|
|
|
Automated Pull/Merge Requests Automatically create pull requests for policy violations on components with suggested remediation. |
|
|
maven, gradle, npm, go |
maven, gradle, npm, go |
maven, gradle, npm, go |
maven, gradle, npm, go |
maven, gradle, npm, go |
maven, gradle, npm, go |
maven, gradle, npm, go |
Pull/Merge Request Commenting Developer is notified of component issues upon commit to repository. Information is consolidated at Pull/Merge Request level. |
|
|
Code Insights |
Code Insights |
|
|
|
| |
Code Commenting Detailed, line-level information is provided of component issues upon commit to repository. |
Code Insights Line-level comments in PR Review maven, gradle, npm, go |
Code Insights Line-level comments in PR Review maven, gradle, npm, go |
Line-level comments in PR Review maven, gradle, npm, go |
Line-level comments in PR Review maven, gradle, npm, go |
Line-level comments in PR Review maven, gradle, npm, go |
Line-level comments in PR Review maven, gradle, npm, go | |||
CI/CD Integration Integration with SCM system's build capability |
Pipelines |
Pipelines | n/a | n/a |
Actions |
|
Pipelines |
Pipelines | |
Legend: = Supported, = Not Tested
IDE Integration
Eclipse | IDEA | Visual Studio | VS Code | |
Component Intelligence - Lifecycle Intelligence View component status within IDE using premium data from Lifecycle Intelligence |
|
|
|
|
Build file formats | Java Classpath (Maven, Gradle, ...) | Java Classpath, npm (Maven, Gradle, ...) | NuGet | Java (Maven and Gradle), JavaScript (npm and Yarn), Go (Go modules), Python (Poetry, Pip), Rust (Cargo), PHP (Composer), C (Conan (1.x only)) |
Legend: = Supported
Package / Build Tools
Maven | Gradle | |
Policy Evaluation Perform a policy evaluation using standardized build tools |
|
|
Legend: = Supported, = Community
Ticketing Systems
Jira | |||
Jira Cloud | Jira Server | Jira Data Center | |
Atlassian Jira Notifications Jira ticket automatically created upon policy violation |
| ||
Lifecycle for Jira Jira ticket automatically created upon policy violation, advanced ability to group tickets via policy or component |
|
| |
Legend: = Supported
-- Icons made by Alfredo Hernandez from Flaticon