
Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration


As organizations place greater emphasis on software supply chain security, seamless integrations that improve visibility and streamline workflows remain essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype Lifecycle and GitLab Ultimate, which offers comprehensive vulnerability insights directly within GitLab's native environment.

By embedding Sonatype Lifecycle results directly into GitLab's native reports, teams can now manage open source components and security more efficiently without switching between platforms.

Key highlights of this integration include:

For organizations leveraging both Sonatype Lifecycle and GitLab Ultimate, this integration ensures critical vulnerability data is accessible within the familiar GitLab environment.

Why should you care?

This integration is particularly useful for two groups of users:

  • Established GitLab workflow users: Teams with workflows centered around GitLab can now receive Sonatype Lifecycle scan results without needing to leave GitLab, reducing context-switching and improving efficiency.

  • Non-users of Sonatype Lifecycle: For users without access to Sonatype Lifecycle, the integration provides a way to see critical vulnerability findings and manage risks directly within GitLab.

Centralized security insights

For teams using GitLab as their central platform, the new integration ensures security insights are available within the same workflows upon which they already rely. Users no longer need to navigate between GitLab and Sonatype Lifecycle, simplifying how they manage vulnerabilities in their projects.

Improved accessibility for non-users of Sonatype Lifecycle

Not every team member may have direct access to Sonatype Lifecycle, but with this integration, they can still benefit from its detailed vulnerability scanning results.

By displaying this information directly in GitLab, those who don't have Sonatype Lifecycle access can still contribute to security processes.

Key features of the integration

Vulnerability report integration

One of the most notable features of this integration is the addition of Sonatype Lifecycle vulnerability findings to GitLab's Vulnerability Report. This report provides a list of policy violations similar to those seen in Sonatype Lifecycle's native reports, offering a streamlined way to monitor and address vulnerabilities within the GitLab environment.

Dependency list enhancements

In addition to the Vulnerability Report, the GitLab Dependency List for each project will now include data from Sonatype Lifecycle scans. Any vulnerabilities detected within your project's dependencies will be highlighted, making it easier to manage and remediate issues across your software supply chain.

Availability and requirements

This updated integration is available exclusively for:

  • GitLab Ultimate users

  • Sonatype Lifecycle customers

If your organization is using both platforms, this integration is designed to optimize your security workflows and improve collaboration across teams.

To dive deeper into the technical details of this integration, you can explore our Sonatype for GitLab CI documentation or check out the announcement in our Sonatype Community.


Written by Aaron Linskens

Aaron is a technical writer on Sonatype's Marketing team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they can build the right software.