Sonatype IQ Server Feature Status
Note
The Sonatype Product Development Lifecycle (PDLC), including definitions of each stage, is fully defined in Sonatype Sunsetting Information
For more information about Sonatype Support services, please see Sonatype's Software Support Policy.
The Sonatype PDLC is designed to keep us continually improving our products and ensure our customers have access to our best features and functionality. This also helps us provide quality support services for our features and products. To this end, Sonatype will sunset and remove some Sonatype IQ Server features as they become obsolete.
Sonatype IQ Server Feature | Status | Initial Release Date and Version | Beginning of Extended Maintenance | Sunset Date | Reasoning for Sunset | Next Steps |
A-Name Identification | Sunset | Diminished usage of a-name in favor of more mature packaging formats for JavaScript (e.g., npm) | Effective September 2025, a-name results will no longer appear in new policy evaluations and fail to function in existing evaluations. Applications with a large number of a-name results should use other scanning/evaluation techniques in our npm analysis guide. To preserve current evaluation results for historical purposes, export data using SBOM export functionality. Reach out to us with any questions or concerns. | |||
Sunsetting Legacy Evaluation Report | Sunset | In-product policy-centric evaluation reports include all contents of the legacy evaluation report and offer an improved user experience. | If you encounter any missing data from the current evaluation reports offered by Lifecycle, that was previously included in the Legacy Evaluation Report, please submit an idea on our Ideas Portal or feel free to reach out to your customer success representative. | |||
Shaded Vulnerability Detection Dashboard | December 2024 | All phases of shaded vulnerabilities rollouts complete. | ||||
Sunsetting LORT | Sunset | October 2024 | LORT capabilities are now included in Sonatype Advanced Legal Pack (ALP). | Some users were advised to use LORT to remediate the "License Threat Not Assigned" policy violation. Since LORT is not available, we recommend using the License Threat Group (LTG) updater in the Update Your IQ License Threat Groups post. As an alternative to using the LTG updater, users can also refer to the license short identifier in the LTG mapping file (found in the same post) to manually add a license to a LTG. | ||
Java 11 on IQ Server (self-hosted and cloud) | Extended Maintenance | March 2019 | June 2024 | July 2024 | OpenJDK 11 reaches end of life in October 2024. While Java 11 is a long-term support version, Sonatype plans to invest its efforts in supporting newer Java versions in the longer term. | Starting with our July release, if you wish to upgrade to the latest self-hosted IQ release, you will need to upgrade to a newer version of the Java runtime environment. No action is required for Cloud customers. |
Java 8 for IQ Server (self-hosted and cloud) | Extended Maintenance | - | June 2024 | July 2024 | The End of Public Updates process for Java 8 has been initiated based on Oracle Java SE Support Roadmap. Sonatype IQ Server will continue to run on Java 8 for legacy releases, but will not be supported. | Starting with our July release, if you wish to upgrade to the latest self-hosted IQ release, you will need to upgrade to a newer version of the Java runtime environment. No action is required for Cloud customers. |
Java 8 and 11 for Sonatype CLI | Extended Maintenance | - | June 2024 | See above entries for Java 8 and 11 for IQ Server. | If you wish to upgrade to the latest Sonatype CLI release, you will need to upgrade to a newer version of the Java runtime environment. Starting with our July release, the Sonatype CLI will be split into legacy and latest-version lines. The legacy line will maintain compatibility with Java 8 and 11 and enter extended maintenance as defined in our Sunsetting Information documentation. | |
Data Insights (Experimental) | Sunset | November 2022 (Release 150) | N/A | January 2024 (Release 171) | Data Insights as an experimental feature has been replaced with the newly supported Data Insights feature. | No action is necessary. Customers using versions 171 and above may take advantage of the new Data Insights feature. |
Debian and Alpine scanning | Extended Maintenance | April, 2020 (Release 90) | January 9, 2024 | March 31, 2024 | Data on the Debian and Alpine ecosystems is provided through Sonatype Container and is more up-to-date than what is available through Lifecycle. Sonatype Container also protects runtime environments a capability that Lifecycle does not provide. | Customers should contact their account manager to discuss transitioning to Sonatype Container for scanning their build and runtime environments for Alpine and Debian, ensuring continuity in their SDLC processes. |