
Automated Source Control Feedback

Sonatype Lifecycle delivers policy violation information directly to your Source Control Management (SCM) system, so developers learn about policy violations while the code is still being written and reviewed, rather than after a build or release.

This feedback takes three forms: a policy evaluation summary on each new pull request, comments on pull requests that introduce new violations, and automatically opened pull requests that remediate them. Each feature is described below:

Feature / Description

Policy Evaluation Summaries
  • Performs a policy evaluation on each new pull request.

  • Appears as a Status Check, Build Check, or Pipeline step, depending on your source control provider.

  • Can optionally be marked as required before the pull request may be merged. Unless it is marked as required, the check is advisory only and a failing evaluation does not block the merge.

Pull Request Commenting
  • Comments on a pull request when that pull request introduces a new policy violation.

  • The comment identifies the component that introduces the violation.

Pull Request Line Commenting
  • Comments on the specific line of the manifest or build file that introduces a new policy violation in a pull request.

  • Available for Maven, Gradle, npm and Go.

Automatic Pull Requests
  • Opens a new pull request that updates the dependency to a version without a policy violation.

  • Available for Maven, Gradle, npm and Go.

Prerequisites

All features require that the Lifecycle application be configured with an access token for your SCM provider and the URL of the repository. Because that token is used to comment on and open pull requests on your behalf, treat it as a privileged service credential and grant it no more access than those features need.

The table below identifies where each feature is enabled and disabled:

Feature                         Configuration
Automatic Pull Requests         Configured at the Organization.
Automated Commit Feedback       Configured in the SCM provider.
Pull Request Commenting         Configured at the Organization.
Pull Request Line Commenting    Enabled when Pull Request Commenting is enabled.