Free app
OVERALL RATINGS
INSTALLS
79
SUPPORT
- Partner Supported
Key highlights of the appPrioritize and track open source policy violations from Sonatype Lifecycle in Jira
Receive your Sonatype IQ policy violations in Jira
Your Sonatype IQ policy violations will appear in Sonatype IQ notifications in Jira, letting your team know where the violations are and how to prioritize.
Empower developers to take action.
Component-level violation details help development teams understand which open source components are problematic, allowing them to take immediate action and reduce MTTR.
Map notifications to the right remediation team.
Configure the Sonatype for Jira Add-on to work how your team works- customize how violation tickets are created and which projects they appear in.
Supporting media
More details
Note: Sonatype for Jira Cloud is now available.
Build open source security into your development pipeline. With the Nexus IQ Add-on, developers and security administrators can use Jira to prioritize and track their open source policy violations from Nexus Lifecycle scans.
How does it work? In Nexus IQ Server, administrators identify which types of policy violations should trigger the creation of a JIRA ticket. The Nexus IQ JIRA add-on allows the mapping of IQ Applications and Organizations to a JIRA project (from the add-on's administration screen). From there, teams can track the progress of remediation efforts right in JIRA.
More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype's Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Learn more at www.sonatype.com.
Resources
Download
Get the .jar file downloaded to your system
App documentation
Comprehensive set of documentation from the partner on how this app works
EULA
Get the End User License Agreement for this app
Privacy and Security
Privacy policy
Atlassian's privacy policy is not applicable to the use of this app. Please refer to the privacy policy provided by this app's partner.
Partner privacy policySecurity program
This app is not part of the Marketplace Bug Bounty program.
Version information
Version 2.1.0•for Jira Data Center 10.0.0 - 10.2.0
- Release date
- Dec 3rd 2024
- Summary
- Usability improvements
- Details
- Added support in the user interface for deleting an existing project mapping
- Updated CVE/Sonatype IDs to be clickable links that direct users to the IQ Server Vulnerability Lookup page
- Implemented validation on the configuration page to prevent the creation of a webhook without a secret
- Payment model
- Free