Lifecycle enables development teams to prioritize application security earlier in their development lifecycle.

Most integrations are downloadable and activated through official distribution sites or plugin managers and will require familiarity with the host tool/platform to use. When enabling a plugin, be sure you're selecting the latest official release.

Available Integrations for Lifecycle

Host tool/platform

Plugins supported


Lifecycle for IDEA provides component analysis for both the Community and Ultimate editions of IntelliJ IDEA.


The Lifecycle for Eclipse plugin lets you perform component analysis, inspect component details, and fix issues, all from your IDE.

VS Code

Sonatype for VS Code allows you to surface and remediate issues in your workspace dependencies, a true Shift Left in application security for development teams.

Visual Studio 2019

Lifecycle for Visual Studio provides component analysis for the Community, Professional, and Enterprise versions of Visual Studio.

Visual Studio 2022

The Lifecycle for Visual Studio 2022 extension is the next line of native integrations for Visual Studio with improved filtering, workflow, and design.

Nexus Repository 2

Lifecycle for Nexus Repository 2 allows you to integrate Lifecycle’s policy management and component intelligence features with proxy repositories in Nexus Repository 2 Pro.

Nexus Repository 3

Lifecycle for Nexus Repository 3 allows you to integrate Lifecycle’s policy management and component intelligence features with proxy repositories in Nexus Repository 3 Pro.


Sonatype for Bamboo analyzes the components used in your software development for security and license characteristics.

Jenkins 2.x

The Lifecycle for Jenkins 2.x plugin provides full component intelligence and the ability to run policy against your application.

Azure DevOps

Lifecycle for Azure DevOps evaluates pipeline builds for all supported component types and presents policy results and widgets within Azure DevOps.

Source Control Monitoring (SCM)

Lifecycle for SCM allows for early insight into code changes by working in tandem with continuous integration to push policy information about an application’s components directly into the SCM.


Lifecycle for CLI lets you evaluate any application against your policies using the command line interface.

Atlassian Jira

Sonatype for Jira automatically creates Jira project issues when Lifecycle policies are violated.


Sonatype for ServiceNow allows you to import Sonatype Vulnerability information about your organizations and applications into ServiceNow's Application Vulnerability Response (AVR).

Fortify SSC

Lifecycle integration with SSC integrates policy evaluation results from Lifecycle into Fortify SSC.


Sonatype CLM for Maven lets you evaluate any Maven-based software project in the same way as our integrated tools, providing access to the same robust reporting features no matter what toolset you use. It can be run on a command line interface and executed on any continuous integration server, as well as in several popular IDEs.