Skip to main content

Lifecycle Deployment Best Practices

The following best practices are based on recommendations used in successful deployments. Success comes from the coordinated effort of your developers and open-source governance champions. The Customer Success team can help tailor and plan to meet your organization's needs.

Review the best practices for each phase of your deployment.

  • Project Initiation (1st month)

  • Project Pilot (first 2 months)

  • Project Commencement (1st year)


Architecture Overview

The Sonatype Lifecycle solution is comprised of the following components:

Server infrastructure


Sonatype IQ Server

  • UI configuration and reporting service

external Postgres database (optional)

  • recommended for production environments

reverse proxy

  • SSL termination and load balancing

outbound data connection


ci/build servers

  • evaluate applications during the build

  • automatic policy enforcement

ticketing or reporting tools

  • Jira, SCM, email, Slack, Webhooks, etc.

  • for automated governance workflows

development tools

  • Sonatype Firewall, ide plugins, chrome plugin, etc.

  • shifting policy left

Best practices to consider when deploying the Sonatype IQ Server