Getting Started

This page is an overview of the Sonatype Lifecycle journey. Adopting Sonatype Lifecycle has three phases:

Integrating Lifecycle in your SDLC will take coordination and cooperation from your stakeholders to get right.

Expect the process to take a couple of weeks to deploy Lifecycle and start to integrate scanning into the build pipeline. When working with a large catalog of applications this step may take a while to get right. Consider starting with a pilot team with a few priority applications to work through the challenges while communicating workflows before attempting a larger rollout.

During this time set expectations with the organization well in advance of any changes being implemented and before they begin receiving notifications about policy violations. Lifecycle is a tool to help your teams manage the open-source risk that already exists in their environments. It may be shocking to find out how much risk is there.

Set reasonable expectations and provide a clear path forward with the time to reasonably address the issues before blocking build and banning components.