Lifecycle Foundation
Lifecycle Foundation provides a subset of the Lifecycle functionality, designed to support a focus on identifying and reporting security risks. Upgrade to a full Lifecycle license when you are ready for policy enforcement in the DevOps pipeline.

Lifecycle Foundation lets you:

- Create customized policies for security, license, and quality standards.
- Integrate with existing CI/CD tools.
- Automatically create an application composition report, or a software bill of materials, to visualize risk and policy violations.
- Leverage the Sonatype Intelligence engine for remediation guidance, including the use of waivers and license overrides.
Lifecycle Foundation does not let you:

- Integrate policy information and remediation guidance into a developer's IDE.
- Automatically enforce policy, for example by failing a build, sending alerts, or automatically creating Jira tickets.
- Continuously monitor applications that are in production to identify new risks in previously approved components.
- Establish legacy violations to baseline existing violations when onboarding new applications.
- Run in High Availability deployments.
- Connect to Nexus Repository or Sonatype Repository Firewall.
Use Lifecycle Foundation to be More Secure
The goal of Lifecycle Foundation is to provide open-source risk analysis by leveraging superior Sonatype intelligence. Knowing what’s in your applications empowers you to make them more secure.
Lifecycle Foundation provides access to the Lifecycle policy engine. Policy is used to identify the risks associated with the open-source components in your applications.
With Lifecycle Foundation, you can use the provided reference policies and/or create your own organizational policies. You will not have access to policy actions, legacy violations, or automatic notifications through email or Jira.
Lifecycle Foundation can produce a bill of materials (BOM) via the Application Composition Report. This report serves as a point-in-time output of risk associated with components in a specific application.
The Lifecycle Dashboard lets you search for violations within a specific stage or policy type; use its filters to focus on specific risks and prioritize your remediation.

Remediating risk starts with improving your process for selecting open-source components. The Component Information Panel displays remediation suggestions backed by Sonatype's enriched data and guidance.
Licensing and Features
The following table outlines the features and limitations of a Sonatype Lifecycle Foundation license, compared with a full Lifecycle license:
| Feature | Lifecycle | Lifecycle Foundation |
|---|---|---|
| Customized policy | Yes | Yes |
| CI/CD integration | Yes | Yes |
| Software bill of materials | Yes | Yes |
| IDE integration | Yes | No |
| Automatic enforcement | Yes | No |
| Continuous monitoring | Yes | No |
| Remediation | Yes | Yes |
| Integration via webhooks | Yes | |
| Legacy Violations | Yes | No |
| High Availability | Yes | No |