
Strengthen open source software security with Sonatype Lifecycle Foundation

Configure custom policies and identify open source software security and compliance risks in your applications at every new build and deployment. Sonatype Lifecycle Foundation reduces software supply chain security risk throughout the application lifecycle. 
CUSTOM POLICIES

Establish your risk tolerance

Create custom security, license, and architectural policies to identify software risks at CI and deployment. Open source application lifecycle management provides the flexibility you need to keep your software secure and minimize open source license compliance risk.
[Screenshot: the Sonatype policy interface showing the AGPL license's threat level and the configurable actions for each stage of the software development lifecycle.]
[Screenshot: the components interface displaying open source risk levels, with a graph of "Mean Time to Resolution by Month".]
PRECISE REPORTS

Gain visibility into components and trends

Automatically generate a precise software bill of materials (SBOM) with everything you need to know about which components and dependencies are being used and their risk levels. View trends related to Mean Time to Resolution (MTTR) and easily show risk reduction to senior management.
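The two sections above describe the same mechanism from two sides: a policy (license threat levels, security thresholds, a different action per lifecycle stage) evaluated against the components listed in an SBOM. The following is an added illustration of that idea in plain Python, not Sonatype's code, CLI or API. The CycloneDX-style SBOM, the vulnerability entries (including the hypothetical id EXAMPLE-0001), the threat levels and the stage-to-action mapping are all constructed for the example.

```python
"""Added illustration: a minimal policy-as-code gate over a CycloneDX-style SBOM.

Not Sonatype's code. It shows the shape of "custom policies evaluated at CI
and deployment": license threat levels, a CVSS threshold, and a stricter
action the later the lifecycle stage. All data below is constructed.
"""
import json

# Constructed sample SBOM, trimmed to the CycloneDX JSON fields the gate reads.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lib-a", "version": "1.2.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "lib-b", "version": "0.9.1",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"type": "library", "name": "lib-c", "version": "4.1.7",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

# Constructed vulnerability data keyed by "name@version"; the id is hypothetical.
SAMPLE_VULNS = {
    "lib-c@4.1.7": [{"id": "EXAMPLE-0001", "cvss": 9.8}],
}

# Policy: a 0-10 threat level per license, a CVSS floor for security findings,
# and per-stage (threshold, action) rules. Later stages are stricter.
POLICY = {
    "license_threat": {"AGPL-3.0-only": 9, "GPL-3.0-only": 7},
    "cvss_threat_floor": 7.0,
    "stage_actions": {
        "build": [(9, "warn")],
        "stage-release": [(7, "warn"), (9, "fail")],
        "release": [(7, "fail")],
    },
}


def find_violations(sbom_json, vulns, policy):
    """Return a list of (component, reason, threat_level) tuples."""
    sbom = json.loads(sbom_json)
    violations = []
    for comp in sbom.get("components", []):
        key = f"{comp['name']}@{comp['version']}"
        # License rule: each declared SPDX id is looked up in the policy table.
        for lic in comp.get("licenses", []):
            lic_id = lic.get("license", {}).get("id")
            level = policy["license_threat"].get(lic_id)
            if level is not None:
                violations.append((key, f"license {lic_id}", level))
        # Security rule: CVSS at or above the floor becomes an integer threat level.
        for v in vulns.get(key, []):
            if v["cvss"] >= policy["cvss_threat_floor"]:
                violations.append((key, f"vulnerability {v['id']}", int(round(v["cvss"]))))
    return violations


def evaluate_stage(stage, violations, policy):
    """Return the most severe action ("pass", "warn" or "fail") the stage's
    rules assign to any violation."""
    severity = {"pass": 0, "warn": 1, "fail": 2}
    result = "pass"
    for _, _, level in violations:
        for threshold, action in policy["stage_actions"][stage]:
            if level >= threshold and severity[action] > severity[result]:
                result = action
    return result


def gate(stage, sbom_json=SAMPLE_SBOM, vulns=SAMPLE_VULNS, policy=POLICY):
    """Evaluate the SBOM at one lifecycle stage; returns (action, violations)."""
    violations = find_violations(sbom_json, vulns, policy)
    return evaluate_stage(stage, violations, policy), violations


if __name__ == "__main__":
    for s in ("build", "stage-release", "release"):
        action, found = gate(s)
        print(f"{s}: {action}")
        for comp, reason, level in found:
            print(f"  {comp}: {reason} (threat level {level})")
```

With the constructed data, the same SBOM only warns at build (the AGPL component reaches level 9) but fails at stage-release and release, which is the per-stage behaviour the policy screenshot above describes. A CI job would run the gate against the SBOM produced for that build and exit non-zero on "fail".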
REMEDIATION GUIDANCE

Resolve vulnerabilities with expert advice

Access remediation guidance from our security research team, including the exploit path, the root cause, and actionable steps to resolve the vulnerability. Give your frontline developers exactly what they need to remediate open source software security threats fast.
[Screenshot: the Vulnerability Information panel detailing a Remote Code Execution (RCE) vulnerability.]

Add automation with Sonatype Lifecycle

Feature                                                          Lifecycle Foundation   Sonatype Lifecycle
Customized policy                                                yes                    yes
Integrates with CI/CD                                            yes                    yes
Software bill of materials                                       yes                    yes
Remediation guidance (waivers, license overrides)                yes                    yes
Integration to the IDE                                           no                     yes
Automatic enforcement (fail builds, create JIRA tickets, emails) no                     yes
Continuous monitoring                                            no                     yes
Integration via webhooks                                         no                     yes
Application grandfathering                                       no                     yes
High Availability                                                no                     yes

Explore the Sonatype platform.

Sonatype Repository: build fast with centralized components.
Sonatype Firewall: intercept malicious open source at the door.
Sonatype Lifecycle: reduce risk across software development.
Sonatype SBOM Manager: simplify SBOM compliance and monitoring.