Description

Sonatype Lifecycle is a leading Software Composition Analysis (SCA) tool providing enterprises with real-time visibility and control over open-source dependencies across the Software Development Lifecycle (SDLC). Complement your SAST, DAST and IAST findings in Fortify SSC with the world’s leading open source security vendor.

This solution is ideal for organizations seeking comprehensive, automated protection against software supply chain risks. With Lifecycle, you can:

  • Automatically identify vulnerabilities
  • Apply policies on security, legal, quality, and architectural constraints
  • Prioritize fixing issues efficiently without false positives
  • Integrate security into existing CI/CD workflows

Lifecycle’s advanced dependency management and AI-driven insights help developers maintain high code quality and security while accelerating delivery.
The Sonatype for Fortify SSC integration accomplishes this with:

  • A service that periodically checks Nexus Lifecycle for new reports and pushes the findings to Fortify SSC (the interval is configurable)
  • A configurable mappings file to correlate application/phase reports in Lifecycle with application/version in SSC
  • A plugin for Fortify SSC which parses Lifecycle findings

This plugin is free for all Sonatype Lifecycle customers.

Minimum Requirements

The plugin parser and integration have been developed and tested with Fortify SSC versions 19 and later.


Releases

SonatypeFortifyBundle 5.1.3
Jan 23, 2025
Product compatibility
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed an issue where an older report was uploaded to Fortify SSC. The sync service now correctly prioritizes and only uploads the latest available report
  • Added the Sonatype Policy Name to the violation detail view
Languages
English
SonatypeFortifyBundle 5.1.2
Nov 14, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed an issue where the expected scan report was not being synchronized if the most recent one was an identical report generated by continuous monitoring
Languages
English
SonatypeFortifyBundle 5.1.1
Oct 7, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed an issue where the sync service did not terminate as expected when the `killProcess` flag was set to `true`
  • Added support for `fortifyApplicationId` when using the `startScanLoad` endpoint
Languages
English
SonatypeFortifyBundle 5.1.0
Sep 11, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • The Fortify Application ID can now be used in the JSON mappings file instead of the application name
  • Added support for synchronizing all violation categories, not only security
  • Uploads of reports generated by continuous monitoring will be skipped if the data is identical to the previously uploaded report
  • Fortify Audit Details are now clickable links for Fortify versions 23.0 and later
  • Included license information for the report in the synchronized artifact. This can be configured via the include.license.information property
Languages
English
SonatypeFortifyBundle 5.0.1
May 22, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Resolved issue that sometimes caused a Null Pointer Exception during synchronization of violations for custom policies
Languages
English
SonatypeFortifyBundle 5.0.0
Apr 29, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Consolidated artifact and suppression upload into a single call
Languages
English
SonatypeFortifyBundle 4.3.1
Feb 5, 2024
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Memory usage optimizations
Languages
English
SonatypeFortifyBundle 4.3.0
Oct 27, 2023
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Performance improvements
  • The scheduling.job.cron property is replaced with scheduling.fixed.rate.minutes
Languages
English
SonatypeFortifyBundle 4.2.13
Aug 22, 2023
Product compatibility
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Added a new endpoint for triggering synchronization for a given project on-demand
Languages
English
SonatypeFortifyBundle 4.2.12
Jun 26, 2023
Product compatibility
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed CVSS scores for the case where only a Sonatype CVSS score exists
Languages
English
SonatypeFortifyBundle 4.2.11
Jun 20, 2023
Product compatibility
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed a bug where CVSS scores were written to the wrong fields
  • Enhanced logging
Languages
English
SonatypeFortifyBundle 4.2.10
May 24, 2023
Product compatibility
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed a bug in fetching the most recent report from the IQ Server
  • Overall performance improvements
Languages
English
SonatypeFortifyBundle 4.2.9
May 2, 2023
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Bug fix for fetching all issues from Fortify SSC
  • Added the configuration flag loadfile.cache, which can be set to false to prevent IQ reports from being cached
Languages
English
SonatypeFortifyBundle 4.2.7
Feb 13, 2023
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Release notes
  • Performance improvements: mapping files are now processed in parallel, making the process up to 10x faster
Languages
English
SonatypeFortifyBundle 4.2.6
Nov 29, 2022
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • BUG FIX: Handled null pointer exceptions caused by potentially null fields encountered while scanning Composer-format components.
Languages
English
SonatypeFortifyBundle 4.2.5
Oct 12, 2022
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • BUG FIX: Allow blanks and special characters in Fortify application names in the mappings file
Languages
English
SonatypeFortifyBundle 4.2.4
Oct 10, 2022
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Release notes

Updated the artifact upload logic to upload when:

  • An external policy evaluation is triggered e.g. via IQ CLI, CI pipelines
  • Continuous monitoring identifies a new policy violation
Languages
English
SonatypeFortifyBundle 4.2.2
Aug 12, 2022
Product compatibility
Version 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Bug fix: the integration now works with a large number of applications.
  • The integration is compatible with Fortify SSC 22.1.2
Languages
English
SonatypeFortifyBundle 4.2.0
May 6, 2022
Product compatibility
Version 19.10 · 19.20
Version 20.20
Version 21.2
Release notes
  • Skip upload to SSC for reports generated by Continuous Monitoring (unless changes are detected)
  • Improved logs to make them less verbose and easier to read
  • Added support to read login credentials from environment variables (Environment variables have preference over the properties file).
  • Added support for synchronization with IQ Webhooks.
  • Updated Spring Boot from version 2.5.6 to 2.6.6 in response to CVE-2022-22965
Languages
English
SonatypeFortifyBundle 19.2.0.9 (21.6 MB)
Nov 13, 2019
Product compatibility
Version 18.10 · 18.20
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1 · 23.2
Version 24.2 · 24.4
Release notes
  • Fixed an issue where all vulnerabilities were imported as Vulnerable OSS with a CVE number attached
  • Added a 'recommended version' to the remediation guidance
Languages
English