Sonatype Developer
Sonatype Developer brings a developer-centric experience to manage the quality of open source components. Developers can easily access prioritized and actionable suggestions to improve the quality and security posture of their applications, and eliminate rework.
Reduce Time to Remediate Risks and Give Developers Time Back!
Sonatype Developer plugins enable the Shift-Left approach, by identifying and remediating vulnerabilities much earlier in the development process. The component intelligence data powered by Sonatype IQ Server is easily available to the developers and helps with planning and prioritizing the remediation tasks.
Sonatype IQ Server's policy enforcement maintains compliance of all applications with the organization's AppSec policies.
Sonatype Developer lets you integrate IQ Server capabilities with your
CI/CD pipelines
Integrations available for: Azure DevOps, Jenkins
SCM tools
Integrations available for: GitHub, GitLab, Bitbucket, Azure DevOps
Issue tracking
Integrations available for: Atlassian Jira
IDEs
Integrations available for: IntelliJ IDEA, Eclipse, Visual Studio
Key Features
Monitoring
Sonatype Developer provides insights into the extent of adoption of the integration tools and the remediation timelines via a dashboard on the landing page.
Configure your Applications
Configure your applications with any of the integration tools listed above, in the Applications Configuration section.
You can view key evaluation findings like time of last commit, time of last evaluation, and total no. of violations (total risk.)
Prioritize your Backlog
Sonatype's proprietary Priority Algorithm determines the priority of the violations that need immediate attention. Click on the View Priorities link for violation details and recommendations for remediation.
Perform Reachability Analysis
Using the Jenkins plug-in, you can limit the scope of the IQ Server scan to a function or a method, to determine reachable components.
Learn more about Reachability analysis (call flow analysis) here.
Stay Updated
For latest features, improvements and bug fixes check out the Release Notes.
Automate with REST APIs
Relevant REST APIs