Sonatype

Using Sonatype Lifecycle in Your IDE

Price: Free

What’s the expectation for today’s developers? Quickly and independently develop, test, and deploy code into production – safely and securely – for you and your team. That means doing the security part up front rather than waiting until the end of the process, when code has already been moved to production.

How do you accomplish that? Use a tool that can automate open source governance, enforce policies, and remediate vulnerabilities BEFORE you send to production.

But why? Long story short – it saves you time.

“I could do stuff manually, but with more pain and I’d rather be coding.”

Shifting left helps you make better choices early, saving time further down the life cycle. Developers innovate more, waste less time chasing false positives, and improve productivity by 38%.

This course will describe how shifting left, and selecting better components for your applications before they are tightly integrated into the application codebase, will drastically reduce friction and process costs further down the release cycle.

We will review how to analyze component risks within your Integrated Development Environment (IDE), including security, license, and compliance with established organizational policies, which will help you remediate quickly and effectively.

The demonstrations in this course use the Eclipse IDE, though it’s important to note that Sonatype Lifecycle also integrates with IntelliJ and Visual Studio plugins.

Objectives

By the end of this course, you will be able to:

  • Describe the impact of making better component choices earlier in the SDLC
  • Describe how Sonatype Lifecycle IDE Integration fits into the Sonatype Platform
  • Articulate the differences between an IDE Integration analysis and a Continuous Integration scan
  • Select the best integration option for your particular project
  • Determine the right place and time to introduce developer tooling into your DevSecOps process to make better component choices earlier in the SDLC
  • Make informed decisions about which component versions to target for an upgrade
  • Use the IDE plugin to review policy violations
  • Locate the Policy Violations, License Analysis and Security Issues section in the Component Info tab
  • Identify OSS policy threats (security, legal, and architectural), current version used, and whether better versions of your components are available
  • Differentiate between direct and transitive dependencies
  • Upgrade components using the migrate functionality within the IDE plug-ins

Prerequisites

Intro to Lifecycle
Organization Policies in Lifecycle

Target Audience

The target audience for this course includes developers, software engineers, and others who want to know more about using Sonatype Lifecycle in their IDEs.

Estimated Time to Complete

45 minutes

System Requirements

It is assumed that your IDE Plugin is installed and configured. Step-by-step directions are available:

The product version used in this course may be different than your own. The screens may have a different display, but the content and concepts remain generally the same.

The Sonatype platform is available in cloud, self-hosted, and disconnected deployment options. Be advised that the visuals in this course could be sourced from any (or all) of the three. The screens may have a different display, but the content and concepts remain generally the same.

Setting Expectations

For this course, the screens we’ve demonstrated use the Eclipse IDE.  Note that Lifecycle also integrates with IntelliJ and Visual Studio plugins.

Refer to our Glossary for more information on any of the terms used throughout this course.

Ratings and Reviews

4.6 Avg. Rating (13 Ratings)

  • 5 stars: 9
  • 4 stars: 3
  • 3 stars: 1
  • 2 stars: 0
  • 1 star: 0

Maria
Posted 6 months ago
ide plugins

Good introductory course. It's also useful to retake more than once, when you are more familiarized.

Akshaya
Posted 8 months ago
Lifecycle IDE Integration

Chrome extension gives smooth lifecycle vulnerabilities search.

Ingmar
Posted 2 years ago
Shift left with security is a key priority

Integrations in the IDE are the first line of defense. Substituting valuable time in the pipeline for early vulnerability discovery, making refactoring less painful and time-consuming, is adding value to the delivery of the team.

Adam
Posted 2 years ago
I'm hitting lots of problems integrating IQ and RM with Visual Studio Pro 2017

A hands-on exercise with an actual simple minimal 'hello world' with NuGet package manager would be nice.

Mykyta
Posted 2 years ago
Great course

Great course

Pascal
Posted 2 years ago
Simple path

Security by design, just choose the right stuff and remove the old one. Quickly and with clear guideline. Save hours when you start to develop, and could fix quickly the legacy.

Ejaz
Posted 2 years ago
Good coverage on IDE integrations

Great course and I have my IDEs all integrated!

John
Posted 3 years ago
Great course, very helpful

I was able to get a good understanding of the IDE integration with IQ server.

yashpal
Posted 3 years ago
Integration with IDE

Learned to detect earlier security Flaws in our application

Christopher
Posted 3 years ago
Great to learn about the Developer point of view using an IDE

I don't have much experience with IDEs yet and this course enabled me to set up an IDE, configure Nexus and use it within the IDE.
