Scanning Applications Checklist

Scan a few applications to define a process for bringing on the rest of your applications. Here you'll decide on a scalable workflow for integrating applications with Sonatype Lifecycle.

Goals

  • A small number of applications regularly scanned

  • Create templates for bringing on other applications using the same languages and build processes as your pilot applications

Action Items

  1. Select applications - Identify a few high-performing teams to run a Sonatype Lifecycle pilot project. These applications should use languages and frameworks common to your organization.

  2. Import applications for an initial scan - Importing an application manually will give you immediate insight into the application's risk. Manifest scan results are often less precise than a binary fingerprint scan.

  3. Add Lifecycle to the applications' CI/CD Pipeline - Scanning as part of your build process should give you the best results and more tools to automate risk management.

  4. Create Build Templates - Create templates for modifying each application's build process to use Lifecycle. These can be reused for the rest of your applications.

  5. Test your templates - Use the templates as you onboard the rest of your pilot applications. This will let you refine and troubleshoot this process before onboarding all your applications.

  6. Add templates and onboarding process to your Wiki - Document the tools and processes you've established.

Measuring Success

Measure success by using the Success Metrics script to look at the number of onboarded applications and the number of scans. If you are regularly scanning your onboarded apps, then you're ready to begin onboarding all your applications.