Sonatype

Easy SCM Onboarding

Overview

Score an easy win by importing your Source Control Manager (SCM) repositories into Sonatype Lifecycle and get an initial glimpse of the risk they pose. After you load the source code into Lifecycle, access the results of the baseline scan (Instant Risk Profile).

These baseline results identify the highest priority (most vulnerable) applications in the repository. Your development teams will benefit, knowing which applications need to be prioritized when working through your remediation plan.

Course Goals

This course will help you optimize your onboarding experience. Easy SCM Onboarding is designed to quickly onboard, configure, and scan up to 15 repos at a time. This enables rapid visibility into your open source risks for critical applications.

Objectives

By the end of this course, you will be able to:

  • Describe the Easy SCM Onboarding process
  • Onboard (Import) your repositories / applications
  • View the results of the Instant Risk Profile
  • Search the Instant Risk Profile results
Prerequisites

There is no required coursework prior to beginning this course. However, we recommend Intro to Sonatype Lifecycle – Foundations for new users, as it will likely aid in better understanding the benefits of Sonatype Lifecycle.

Target Audience

This course is designed for new users who are onboarding applications / repositories into Sonatype Lifecycle.

Est. Time to Complete

35 minutes

System Requirements

Before you can scan applications from source control you’ll need the following:

– An account with a supported source control system. Currently, we support GitHub, GitLab, Bitbucket, and Azure DevOps
– A repository in that source control system
– An access token for your source control management system
– An installation of Sonatype Lifecycle version 109 or later
– To set up a local instance of Lifecycle, follow the installation steps in the Lifecycle Quickstart guide. This should primarily be used for testing purposes prior to integrating Lifecycle into your development environment.
– Information about deploying Lifecycle into your production Software Development Life Cycle (SDLC) can be found in the help documentation, Getting Started.
– Permission to change the root organization in your instance of Lifecycle
– You must configure the base URL before attempting to configure notifications for your team. If your Base URL is not set, links that direct back to the IQ Server will not work.

Note: The product version used in this course may be different than your own. The screens may have a different display, but the content and concepts remain generally the same.
Setting Expectations

The onboarding scan is a one-time scan of your source code designed to give you an initial picture of an application’s risk.

However, an automatic scan is performed every 24 hours at the source stage until the scan is integrated into your Continuous Integration (CI) pipeline; at that point the automatic scans stop.

This scan also helps your team prioritize any remediation work that will need to be done. Use the results with the highest priority (most vulnerable) from the repository to get started.

Ratings and Reviews

Average rating: 4.7 (7 ratings)

5 stars: 5
4 stars: 2
3 stars: 0
2 stars: 0
1 star: 0
Akshaya
Posted 7 months ago
SCM onboarding features

Great tool to help you get basic insights into your open-source risk in your applications.

Amir
Posted 9 months ago
Well done

Well done

Evan
Posted 11 months ago
Great overview

I loved the summary tables in the course wrap-up section

Stanton
Posted 12 months ago
aa

aa

Fatih
Posted 12 months ago
CI & CLI

Thank you for a nice course.

Ingmar
Posted 12 months ago
Using the stages of Nexus IQ Server to get the most out of the product

A good introduction into setting up lightweight scanning of source code repositories for the low hanging fruit of open source violations. In the bigger picture this is a nice and easy setup for initial disclosure of easy to spot OSS vulnerabilities, also integrating with pull request commenting, which could save time for developers when used efficiently.

Jeff
Posted 1 year ago
Excellent Overview of SCM Onboarding

Clearly explains what SCM onboarding is and what it's useful for. The overview of the various build stages and their purpose at the end was a welcome addition too.
