Skip to main content

Sonatype Developer

Sonatype Developer brings a developer-centric experience to manage the quality of open source components. Developers can easily access prioritized and actionable suggestions to improve the quality and security posture of their applications, and eliminate rework.

sonatype-developer-icon.png

Reduce Time to Remediate Risks and Give Developers Time Back!

Sonatype Developer plugins enable the Shift-Left approach, by identifying and remediating vulnerabilities much earlier in the development process. The component intelligence data powered by Sonatype IQ Server is easily available to the developers and helps with planning and prioritizing the remediation tasks.

Sonatype IQ Server's policy enforcement maintains compliance of all applications with the organization's AppSec policies.

Sonatype Developer lets you integrate IQ Server capabilities with your

  1. CI/CD pipelines

    Integrations available for: Azure DevOps, Jenkins

  2. SCM tools

    Integrations available for: GitHub, GitLab, Bitbucket, Azure DevOps

  3. Issue tracking

    Integrations available for: Atlassian Jira

  4. IDEs

    Integrations available for: IntelliJ IDEA, Eclipse, Visual Studio

Key Features

Monitoring

Sonatype Developer provides insights into the extent of adoption of the integration tools and the remediation timelines via a dashboard on the landing page.

Configure your Applications

Configure your applications with any of the integration tools listed above, in the Applications Configuration section.

You can view key evaluation findings like time of last commit, time of last evaluation, and total no. of violations (total risk.)

Prioritize your Backlog

Sonatype's proprietary Priority Algorithm determines the priority of the violations that need immediate attention. Click on the View Priorities link for violation details and recommendations for remediation.

Perform Reachability Analysis

Using the Jenkins plug-in, you can limit the scope of the IQ Server scan to a function or a method, to determine reachable components.Sonatype Platform Plugin for Jenkins

Learn more about Reachability analysis (call flow analysis) here.

Stay Updated

For latest features, improvements and bug fixes check out the Release Notes.

Automate with REST APIs

Relevant REST APIs

Component Remediation REST API