Sonatype IQ Server release 182 is now available and is freely available for download for all existing users.
Check your Java Versions Before Upgrade
Starting with release 179, support for running Sonatype IQ Server and Sonatype IQ CLI on Java 8 and 11 has been phased out. We strongly recommend running Sonatype IQ Server and IQ CLI on Java 17 or higher.
There is no change in the supported versions of Java for application scanning and analysis.
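A pre-upgrade check for the Java requirement above, as an added example that is not part of Sonatype's release notes: it parses java -version banners, including the legacy 1.x numbering used by Java 8, and flags runtimes below 17. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a Java runtime meets the Java 17 minimum
# recommended for IQ Server and IQ CLI. Function names are hypothetical.

# Print the major version from a Java version string.
# Handles the legacy "1.8.0_392" scheme (major is 8) and the modern
# "17.0.9", "21" and "17-ea" forms. Prints nothing if unparseable.
java_major() {
    v=$1
    case $v in
        1.*) v=${v#1.} ;;      # legacy scheme: 1.8.0_392 -> 8.0_392
    esac
    v=${v%%[!0-9]*}            # keep the leading digits only
    printf '%s' "$v"
}

# Extract the quoted version from `java -version` output. Matching on
# ' version "' skips a leading "Picked up JAVA_TOOL_OPTIONS" line.
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^.* version "\([^"]*\)".*$/\1/p' | head -n 1
}

# Return 0 if the banner reports a major version >= minimum (default 17).
java_banner_ok() {
    major=$(java_major "$(version_from_banner "$1")")
    [ -n "$major" ] && [ "$major" -ge "${2:-17}" ]
}

# Check the runtime on this host; `java -version` writes to stderr.
check_local_java() {
    command -v java >/dev/null 2>&1 || { echo "java not found on PATH"; return 2; }
    java_banner_ok "$(java -version 2>&1)"
}

# Constructed sample banners (not captured from a real host).
for banner in \
    'openjdk version "1.8.0_392"' \
    'openjdk version "11.0.21" 2023-10-17' \
    'openjdk version "17.0.9" 2023-10-17' \
    'java version "21" 2023-09-19 LTS'
do
    if java_banner_ok "$banner"; then status=OK; else status="UPGRADE JAVA"; fi
    printf '%-45s %s\n' "$banner" "$status"
done
```

On the host that runs IQ Server or IQ CLI, call check_local_java under the same account and PATH the service uses, since that may resolve a different runtime than an interactive shell.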
Unshader is Going Live!
Users will be able to protect their systems from additional threats detected by our Shaded Vulnerability Detection Algorithm that were previously undetectable by the vulnerability detection tools in the market today. Starting 9/9/2024, the shaded vulnerability data will trigger policy violations for all “Critical” vulnerabilities.
New Features in Release 182
Generate Lifecycle Success Metrics for a specific DevOps Stage
For a targeted review of Success Metrics for a specific stage (source, build, stage-release, release and operate), users can generate these statistics for the desired stage instead of for all stages. Use the new successMetricsStageID property of the Configuration REST API to set the specific licensed stage for which to generate Success Metrics.
Other Improvements in this Release
Avoid Rework with VEX Annotations in SBOM Manager
Users can copy the VEX Annotations from an application’s previous SBOM to the current one with the Copy Annotation option under the Disclosed Vulnerabilities section.
Formats supported by Component End-of-Life Dashboard
The updated Component End-of-Life (EOL) dashboard under Data Insights in Sonatype Lifecycle displays components in the npm, NuGet and PyPI formats/ecosystems.
Notable Bug Fix
We have tweaked permissions for dashboards under Data Insights in Sonatype Lifecycle so that users can now view data only for applications to which they have access. The dashboards reflecting this change are Component End-of-Life, Machine Learning AI, Dependency Scorecard, and Shaded Vulnerability Detection.