Skip to main content

Lifecycle Deployment Best Practices

The following best practices are based on recommendations used in successful deployments. Success comes from the coordinated effort of your developers and open-source governance champions. The Customer Success team can help tailor and plan to meet your organization's needs.

Review the best practices for each phase of your deployment.

Project Initiation (1st month)
Project Pilot (first 2 months)
Project Commencement (1st year)

Architecture Overview

The Sonatype Lifecycle solution is comprised of the following components:

Server infrastructure	Description
Sonatype IQ Server	UI configuration and reporting service
external Postgres database (optional)	recommended for production environments
reverse proxy	SSL termination and load balancing
outbound data connection	connection to Sonatype data services 443 TCP to https://clm.sonatype.com
Integrations
ci/build servers	evaluate applications during the build automatic policy enforcement
ticketing or reporting tools	Jira, SCM, email, Slack, Webhooks, etc. for automated governance workflows
development tools	Sonatype Firewall, ide plugins, chrome plugin, etc. shifting policy left

Best practices to consider when deploying the Sonatype IQ Server

The Getting Started checklist can be used to help prepare for deployment.
For enterprise customers, we recommend using an external Postgres database.
Cloud deployments for AWS, Docker, Red Hat, and Helm charts.

Would you like to provide feedback? Just click here to suggest edits.