Skip to main content

Sonatype IQ Server Feature Status

Note

The Sonatype Product Development Lifecycle (PDLC), including definitions of each stage, is fully defined in Sonatype Sunsetting Information

For more information about Sonatype Support services, please see Sonatype's Software Support Policy.

The Sonatype PDLC is designed to keep us continually improving our products and ensure our customers have access to our best features and functionality. This also helps us provide quality support services for our features and products. To this end, Sonatype will sunset and remove some Sonatype IQ Server features as they become obsolete.

Sonatype IQ Server Feature

Status

Initial Release Date and Version

Beginning of Extended Maintenance

Sunset Date

Reasoning for Sunset

Next Steps

A-Name Identification

Sunset

Diminished usage of a-name in favor of more mature packaging formats for JavaScript (e.g., npm)

Effective September 2025, a-name results will no longer appear in new policy evaluations and fail to function in existing evaluations. Applications with a large number of a-name results should use other scanning/evaluation techniques in our npm analysis guide.

To preserve current evaluation results for historical purposes, export data using SBOM export functionality.

Reach out to us with any questions or concerns.

Sunsetting Legacy Evaluation Report

Sunset

In-product policy-centric evaluation reports include all contents of the legacy evaluation report and offer an improved user experience.

If you encounter any missing data from the current evaluation reports offered by Lifecycle, that was previously included in the Legacy Evaluation Report, please submit an idea on our Ideas Portal or feel free to reach out to your customer success representative.

Shaded Vulnerability Detection Dashboard

December 2024

All phases of shaded vulnerabilities rollouts complete.

Sunsetting LORT

Sunset

October 2024

LORT capabilities are now included in Sonatype Advanced Legal Pack (ALP).

Some users were advised to use LORT to remediate the "License Threat Not Assigned" policy violation. Since LORT is not available, we recommend using the License Threat Group (LTG) updater in the Update Your IQ License Threat Groups post. As an alternative to using the LTG updater, users can also refer to the license short identifier in the LTG mapping file (found in the same post) to manually add a license to a LTG.

Java 11 on IQ Server (self-hosted and cloud)

Extended Maintenance

March 2019

June 2024

July 2024

OpenJDK 11 reaches end of life in October 2024. While Java 11 is a long-term support version, Sonatype plans to invest its efforts in supporting newer Java versions in the longer term.

Starting with our July release, if you wish to upgrade to the latest self-hosted IQ release, you will need to upgrade to a newer version of the Java runtime environment.

No action is required for Cloud customers.

Java 8 for IQ Server (self-hosted and cloud)

Extended Maintenance

-

June 2024

July 2024

The End of Public Updates process for Java 8 has been initiated based on Oracle Java SE Support Roadmap. Sonatype IQ Server will continue to run on Java 8 for legacy releases, but will not be supported.

Starting with our July release, if you wish to upgrade to the latest self-hosted IQ release, you will need to upgrade to a newer version of the Java runtime environment.

No action is required for Cloud customers.

Java 8 and 11 for Sonatype CLI

Extended Maintenance

-

June 2024

See above entries for Java 8 and 11 for IQ Server.

If you wish to upgrade to the latest Sonatype CLI release, you will need to upgrade to a newer version of the Java runtime environment.

Starting with our July release, the Sonatype CLI will be split into legacy and latest-version lines. The legacy line will maintain compatibility with Java 8 and 11 and enter extended maintenance as defined in our Sunsetting Information documentation.

Data Insights (Experimental)

Sunset

November 2022 (Release 150)

N/A

January 2024 (Release 171)

Data Insights as an experimental feature has been replaced with the newly supported Data Insights feature.

No action is necessary. Customers using versions 171 and above may take advantage of the new Data Insights feature.

Debian and Alpine scanning

Extended Maintenance

April, 2020 (Release 90)

January 9, 2024

March 31, 2024

Data on the Debian and Alpine ecosystems is provided through Sonatype Container and is more up-to-date than what is available through Lifecycle. Sonatype Container also protects runtime environments a capability that Lifecycle does not provide.

Customers should contact their account manager to discuss transitioning to Sonatype Container for scanning their build and runtime environments for Alpine and Debian, ensuring continuity in their SDLC processes.