Sonatype IQ Server release 183 has been released and is freely available for download for all existing users.
Check your Java Versions Before Upgrade
Starting with release 179, support for running Sonatype IQ Server and Sonatype IQ CLI on Java 8 and 11 has been phased out. We strongly recommend running Sonatype IQ Server and IQ CLI on Java 17 or higher.
There is no change in the supported versions of Java for application scanning and analysis.
Phasing Out Older Versions of PostgreSQL
Effective December 2024, the minimum version supported for PostgreSQL will be 14.x.
New Features in Release 183
Sonatype presents Sona Components
Golden (meaning sona in Hindi) components will now appear as recommendations for a version change to remediate a policy violation. Golden components are the components that our version scoring system classifies as recommended-non-breaking-with-dependencies.
Spotting Golden Versions:
A Golden Version of a component, if available, will be visible:
In the Priorities View of Sonatype Developer
On the Component Details page in Sonatype Lifecycle
In the IQ Server IDE plugins (IntelliJ IDEA and VS Code), so that the fix can be applied while staying in the context of the development environment
In the IQ Server SCM plugins (GitHub, GitLab, Bitbucket, and Azure DevOps), as PR comments
Applying Waivers Has Gotten Easier in Sonatype Lifecycle
A predefined Waiver Reason, which could represent a specific use case in the users' environment, can be associated with a Waiver. The ability to add a reason when applying a waiver in the existing waivers workflow improves transparency and accountability in maintaining a good security profile. It also helps in making informed decisions during the remediation process.
We have introduced a new Waiver Reasons REST API that retrieves the predefined waiver reasons.
The Policy Waiver REST API has also been updated to include a new parameter, WaiverReasonId, that can be used to assign a reason when creating a waiver.
SBOM Manager Enhancements
Binary archives may be analyzed using SBOM Manager to generate a Bill of Materials
Exporting PDF reports has been added to the SBOM Bill of Materials
Bill of Materials reports now support importing and displaying unknown components from binary archives