
Sonatype IQ Server 195 Release Notes

Released September 9, 2025

The IQ 195 release includes multiple changes to our IQ-powered solutions. View the details in each solution’s section below.

Changes Impacting Multiple Solutions

Modernized User Interface for Top and Side Navigation

In this release, we’ve introduced a refreshed top and side navigation in the user interface across Sonatype Lifecycle, Sonatype SBOM Manager, Sonatype Developer, and Sonatype Repository Firewall. While the navigation structure remains the same, you’ll notice updated visuals and iconography designed to create a more modern, consistent experience across the platform.


This update lays the groundwork for future enhancements and reflects our ongoing commitment to improving usability without disrupting familiar workflows.

Dark Mode Now Available Across IQ-Powered Solutions

Users can now enable dark mode when working in Sonatype Lifecycle, Sonatype Developer, Sonatype SBOM Manager, and Sonatype Repository Firewall. Each user can choose between light or dark mode by navigating to the Manage User Account settings.


Once selected, your preference will persist across all supported Sonatype solutions and remain active after logging out and back in.

This new feature lets you choose the visual experience that best suits your preferences.

Support for Fingerprinting Java 23 and 24

Sonatype IQ Server and the integrations listed below now support Java 23 and 24 bytecode fingerprinting:

Sonatype Lifecycle

This release includes the following changes for Sonatype Lifecycle:


New Insight for IQ 184+: Legal Risk Trends Dashboard Tracks Policy Compliance and Remediation Performance

Our new Legal Risk Trends dashboard provides a comprehensive view of how your teams are managing open-source license compliance over time. By visualizing trends in open legal violations, waiver activity, and remediation performance, this dashboard helps you evaluate the effectiveness of your legal risk mitigation strategies across applications and teams.


Key metrics like Triage Rate and Mean Time to Triage make it easy to identify which types of violations take longest to resolve and where you may need to adjust internal processes or policy enforcement settings. With support for rich filtering by date range, organization, application, threat level, violation type, and more, you can drill into the data to uncover high-risk areas and improve license compliance outcomes at scale.

This dashboard is available to users on IQ version 184 and higher. For details on available charts, filtering options, and data requirements, see the Legal Risk Trends help documentation.

Updated Enterprise Reporting Landing Page Enhances Usability

We’ve redesigned the Enterprise Reporting landing page in Sonatype Lifecycle to simplify navigation and improve the overall user experience.

Reports that are part of a logical group now appear under a single card with a drop-down menu, allowing you to select the specific report view you need. For example, the Security Risk card now consolidates the Trends and Breakdown dashboards under one entry.

This new layout provides a clear structure, enabling faster access to related insights.

Sonatype Developer

This release includes the following changes for Sonatype Developer.

Enhanced Golden PR™ Management Options in Sonatype for SCM

Those using our Sonatype for SCM integration with GitHub can now take advantage of advanced configuration options that help teams manage IQ-generated Golden pull requests (AutoPRs) in GitHub repositories:

  • Automatically close AutoPRs when required checks fail

    Enable this option to automatically close AutoPRs if any required checks (e.g., CI validations or security scans) fail. This prevents failing pull requests from remaining open and cluttering the repository.

  • Automatically close stale AutoPRs after a configurable time period

    You can now define how long an AutoPR should remain open before being automatically closed. If a pull request is not merged or manually closed within the configured number of days, it will be closed automatically. This setting is disabled by default and must be explicitly enabled to take effect.

This new feature is currently only available for GitHub repositories. Learn more in the Sonatype for SCM help documentation.

Sonatype SBOM Manager

This release does not include any notable changes for Sonatype SBOM Manager.

Sonatype Repository Firewall

This release includes the following changes for Sonatype Repository Firewall:

Support for OCI Image Manifest Specification and RPM Packages in Container Scanning

Sonatype Repository Firewall now supports container images that use the OCI Image Manifest Specification and Linux distributions that use the RPM package format. This enhancement extends compatibility beyond existing support for Docker Manifest List Schema V2.

With this update, customers scanning container images can expect consistent analysis across OCI-compliant manifests and improved visibility into vulnerabilities and license risks within RPM-based layers.

For more information, see the Firewall for Docker help documentation.

Bug Fixes

This release includes the following notable bug fixes:

Issue ID    Description

CLM-35753   The /api/v2/securityOverrides REST API now handles cases where component identifiers are null, preventing a NullPointerException from occurring when retrieving security vulnerability override data.

CLM-35272   Proprietary component matching no longer applies to the scanned file’s name or path during third-party analysis, preventing scan failures caused by filename conflicts with configured regular expressions.

Coming Soon

We’re excited to share that the following enhancements will be coming soon to Sonatype Lifecycle:

Golden Fixes Dashboard

The Golden Fixes dashboard will highlight open-source vulnerabilities that you can remediate through simple version updates. This new dashboard will help teams quickly identify high-impact, low-effort fixes.

Bulk Waivers

Bulk Waivers will allow admins to waive multiple identical policy violations in a single action, reducing repetitive tasks and streamlining waiver management.