Notable Integrations Changes
This page summarizes the major changes in Sonatype integrations. Note that this is not an exhaustive list of all changes across all integrations; detailed change logs are available within each individual integration's main help page. This page focuses only on highlighting major changes.
March 2025
See below to learn more about exciting changes to our integrations in March 2025.
Enhanced Prioritization with Integration-Specific Filters
Released March 2025
When navigating to the Priorities view from one of our supported integrations, the results are now automatically filtered to display violating components that directly impact your build. This means you'll immediately see components causing build failures or warnings, eliminating the need to sift through irrelevant data. For example, if you access the Priorities view through Jenkins, the filter will highlight components that caused your Jenkins build to fail. This focused view ensures that you address critical vulnerabilities promptly, streamline your vulnerability management process, and reduce the time spent manually adjusting filters.
February 2025
See below to learn more about exciting changes to our integrations in February 2025.
Enhanced Console Output with Lifecycle and Developer Links (IQ CLI)
Released February 15, 2025
Sonatype CLI now provides direct links to both the detailed Sonatype Lifecycle report and the Developer priority page in the console output. This enhancement makes it easier to access critical vulnerability and policy violation details, streamlining remediation efforts for developers and security teams.
Branch Name Collection (Bamboo, Jenkins, Maven, GitLab, GitHub, Azure DevOps)
Released February 5, 2025
Sonatype's CI/CD integrations—including Bamboo, Jenkins, Maven, GitLab, GitHub, and Azure DevOps—can now retrieve and send Git branch names along with scan data. This enhancement provides better context for security and policy evaluations, ensuring that branch-specific insights are available within reports. By associating scans with their respective branches, developers can more effectively track and address issues. For more details, see the Sonatype CI and CLI Integrations documentation.
January 2025
See below to learn more about changes to our integrations in January 2025.
Sonatype IQ CLI is now a Standalone Solution (IQ CLI)
Released January 9, 2025
We're excited to announce that the IQ CLI is now a standalone solution. The standalone IQ CLI (i.e., IQ CLI 2.0) includes all the functionality you're used to but will now follow its own independent versioning and release cadence. This change allows for faster development, more frequent releases, and better integration with your existing workflows.
Note that this change means that the IQ CLI is now a separate download and is not included in the bundled IQ download. See the Download and Compatibility page to download the CLI.
Dependency Tree Visualization for Cargo (IQ CLI)
Released January 9, 2025
With IQ CLI 2.0, the dependency tree visualization now allows you to explore the full dependency tree of your Cargo projects, including direct and transitive dependencies sorted by threat level. This provides a comprehensive view of your project's dependencies and potential vulnerabilities, facilitating better risk assessment and management.
Note that for the dependency tree visualization to work for Cargo, both your Cargo.lock and Cargo.toml files must exist in the same location. For more details, see the dependency tree help documentation.