Sonatype IQ Server Release 179


Dariush Griffin

Jul 12, 2024, 10:46:19 AM
to clm-anno...@glists.sonatype.com
Hi all,

The latest version of Sonatype IQ Server, version 179, has been released and is freely available for download for all existing users.


Announcements


Introducing our latest offering, Sonatype Developer

Sonatype Developer brings a developer-centric experience to manage the quality of open source components.  Developers can easily access prioritized and actionable suggestions to improve the quality and security posture of their applications, and eliminate rework.


Learn more about Sonatype Developer.


Change in Data Drip Schedule for Shaded Vulnerabilities

We’ve greatly appreciated the feedback on the proposed data drip schedule for Shaded Vulnerability Detection. Based on that feedback, we have rescheduled the release of shaded vulnerability data. Lifecycle users will experience an increase in the number of policy violations when the vulnerability data is rolled out.


New Features in this Release 


Reachability Analysis

Sonatype Platform Plugin for Jenkins now offers the ability to enable Reachability Analysis (previously known as Call Flow Analysis) for preview. By enabling this feature in the Jenkins pipelines, the application scans will detect method signatures in the application code that contain components with potentially exploitable security vulnerabilities.


Improvements in this Release 


Component Remediation REST API 

The Component Remediation REST API can be used to determine whether the component identifier provided is a direct or transitive dependency, in addition to the remediation suggestions. If the implicated component is a transitive dependency, the response will contain remediation details based on the nearest parent dependency.


Source Control REST API

All users who are designated as “contributors” of a GitHub repository can now automatically be assigned a “developer” role on a specific application in Lifecycle. Learn more about Automatic Role Assignment.


Notable Bug Fixes in this Release

  1. Fix for an issue related to scanning Docker images containing absolute paths

  2. Fix for scanning Docker images on Windows OS


For more detailed information on release 179 and tracking resolved issues, refer to the release notes.

--

Dariush Griffin

Senior Product Manager
Mobile: 512.299.0429


Read the guide that defines rapidly changing open source.
