Sonatype for GitLab CI
Sonatype for GitLab CI allows you to perform policy evaluations against one or more build artifacts during a GitLab CI/CD pipeline run.
For GitLab Ultimate customers, Sonatype for GitLab CI can populate the Vulnerability Report and the Dependency List under the GitLab Ultimate Security feature.
There are two options for integrating Sonatype with GitLab CI:
CI Components
Available on the GitLab CI/CD Catalog.
Sonatype CI Components are designed to integrate Sonatype solutions into your GitLab CI/CD pipelines. These components allow you to automate tasks like policy evaluation against your code, generating vulnerability reports, and fetching Software Bill of Materials (SBOMs) directly within your CI/CD workflow.
Refer to GitLab Docs for more information about CI Components.
CI/CD Pipelines
Available as a Docker image on Docker Hub.
With Sonatype in your CI/CD pipeline, you can perform policy evaluations against one or more build artifacts, generate reports, scan containers, and fetch and store SBOM files.
GitLab Ultimate users can also create and update GitLab's Vulnerability Report. Watch a video about this feature on my.sonatype.com.
Go to the setup guide for Sonatype CI/CD Pipelines.
Note
You can also scan Docker containers using the Sonatype Container Security integration.