Announcing a New Integration with GitLab Ultimate!

Sonatype Lifecycle & Repository Firewall
1

We’re excited to announce our new integration with GitLab Ultimate! With this update, you can now view detailed vulnerability findings from Lifecycle scans right in your GitLab Vulnerability Report. Plus, your project’s Dependency List will display scan results, highlighting any vulnerabilities found for your components. This enhancement helps streamline your security workflows by keeping critical information in one place, making it easier to manage and address vulnerabilities within your GitLab projects.

You can read more details here. Please let us know in the thread below if you have any questions.

image (30)
image (30)1315×1119 101 KB

image (31)
image (31)1628×1081 108 KB

1 Like
2

Hi,

we want to use this exciting new integration, but when i put it in my pipeline i am getting:

This GitLab CI configuration is invalid: Component ‘<OUR_SERVER>/sonatype-integrations/components/evaluate-ultimate@main’ - content not found.

Our Gitlab Version is on v17.8.2-ee (Ultimate).

Do i have to configure something on Gitlab site?

Greets, Marcus

3

Good afternoon,

We tried out this integration but hit an apparent bug in the timestamp parsing code. I created an issue in GitLab (DateTimeParseException while running create-vulnerability-report (#2) · Issues · sonatype-integrations / Sonatype CI Components · GitLab) but I am not sure anyone is monitoring that. I also asked our Sonatype liaison to create a support ticket.