As organizations place greater emphasis on software supply chain security, integrations that improve visibility and streamline workflows become essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype Lifecycle and GitLab Ultimate, which surfaces comprehensive vulnerability insights directly within GitLab's native environment.
By embedding Sonatype Lifecycle results directly into GitLab's native reports, teams can now manage open source components and security more efficiently without switching between platforms.
Key highlights of this integration include:
Viewing Sonatype Lifecycle vulnerability findings within GitLab's Vulnerability Report.
Displaying Sonatype Lifecycle results in the Dependency List for each GitLab project, allowing for better management of software dependencies.
For organizations leveraging both Sonatype Lifecycle and GitLab Ultimate, this integration ensures critical vulnerability data is accessible within the familiar GitLab environment.
This integration is particularly useful for two groups of users:
Established GitLab workflow users: Teams with workflows centered around GitLab can now receive Sonatype Lifecycle scan results without needing to leave GitLab, reducing context-switching and improving efficiency.
Non-users of Sonatype Lifecycle: For team members without access to Sonatype Lifecycle, the integration provides a way to see critical vulnerability findings and manage risk directly within GitLab.
For teams using GitLab as their central platform, the new integration ensures security insights are available within the same workflows they already rely on. Users no longer need to navigate between GitLab and Sonatype Lifecycle, simplifying how they manage vulnerabilities in their projects.
Not every team member may have direct access to Sonatype Lifecycle, but with this integration, they can still benefit from its detailed vulnerability scanning results.
By displaying this information directly in GitLab, those who don't have Sonatype Lifecycle access can still contribute to security processes.
One of the most notable features of this integration is the addition of Sonatype Lifecycle vulnerability findings to GitLab's Vulnerability Report. This report provides a list of policy violations similar to those seen in Sonatype Lifecycle's native reports, offering a streamlined way to monitor and address vulnerabilities within the GitLab environment.
In addition to the Vulnerability Report, the GitLab Dependency List for each project will now include data from Sonatype Lifecycle scans. Any vulnerabilities detected within your project's dependencies will be highlighted, making it easier to manage and remediate issues across your software supply chain.
This updated integration is available exclusively for:
GitLab Ultimate users
Sonatype Lifecycle customers
If your organization is using both platforms, this integration is designed to optimize your security workflows and improve collaboration across teams.
To dive deeper into the technical details of this integration, you can explore our Sonatype for GitLab CI documentation or check out the announcement in our Sonatype Community.