Sonatype Developer
Sonatype Developer brings a developer-centric experience to manage the quality of open source components. Developers can easily access prioritized and actionable suggestions to improve the quality and security posture of their applications, and eliminate rework.
Reduce Time to Remediate Risks and Give Developers Time Back!
Sonatype Developer plugins enable the Shift-Left approach by identifying and remediating vulnerabilities much earlier in the development process. The component intelligence data powered by Sonatype IQ Server is easily available to developers and helps with planning and prioritizing remediation tasks.
Sonatype IQ Server's policy enforcement maintains compliance of all applications with the organization's AppSec policies.
Sonatype Developer lets you integrate IQ Server capabilities with your:
CI/CD pipelines
Integrations available for: Azure DevOps, Jenkins
SCM tools
Integrations available for: GitHub, GitLab, Bitbucket, Azure DevOps
Issue tracking
Integrations available for: Atlassian Jira
IDEs
Integrations available for: IntelliJ IDEA, Eclipse, Visual Studio, VSCode
Key Features
Monitoring
Sonatype Developer provides insights into the extent of adoption of the integration tools and the remediation timelines via a dashboard on the landing page.
Configure your Applications
Configure your applications with any of the integration tools listed above, in the Applications Configuration section.
You can view key evaluation findings such as the time of the last commit, the time of the last evaluation, and the total number of violations (total risk).
Prioritize your Backlog
Sonatype's proprietary Priority Algorithm determines the priority of the violations that need immediate attention. Click on the View Priorities link for violation details and recommendations for remediation.
Perform Reachability Analysis
Using the Jenkins plug-in, you can limit the scope of the IQ Server scan to a function or a method, to determine reachable components.
Learn more about Reachability analysis (call flow analysis) here.
Stay Updated
For the latest features, improvements, and bug fixes, check out the Release Notes.
Automate with REST APIs
Relevant REST APIs