Lifecycle Best Practices; Use the Browser Extension

Hi, folks!

The Customer Education team here is always looking to learn from our most successful customers. Something we know that successful Lifecycle customers are doing is using the Sonatype Platform browser extension.

The Sonatype Platform browser extension for Chrome and Edge (which recently received a major upgrade) is a free, open-source resource for Lifecycle customers. Add the extension, visit a component’s page in a public repository, (Maven, PyPI, RubyGems, etc.), and the extension will evaluate that component against Lifecycle’s policies.

What’s the value? The Chrome browser extension lets you shift left. When developers get information earlier, they make better decisions earlier – and better decisions means less risk, less frustration, fewer disruptions, and higher velocity.

The best practice here is to make the browser extension available to your developers as early as you can. Start by sending an email or message to your development teams to let them know it’s available. Follow up a week later. If they don’t have a login to the IQ Server, provide them with one!

Need more convincing? Consider the following:

  • Setup is easy. The extension can be added to a browser with just a few clicks, and connecting the extension to IQ Server requires just two bits of information:
    • The URL of your IQ Server.
    • A username and password for your IQ Server.
  • It’s contextual. During setup, users will pick an Application from the IQ Server, and the extension will compare against that Application’s policies, which means developers will only see policy violations that matter to them. Don’t worry; users can change Applications at any time!
  • It’s smart. The browser extension uses the same component intelligence that’s piped into Lifecycle, so you’re always seeing our latest-and-greatest about the component.
  • It’s actionable. The extension automatically compares the component in question with other versions of itself, which lets users quickly identify better versions of the same component.

The bottom line is that the platform browser extension is a huge value add that puts power into the hands of your developers, and that means less work for everyone – you included!

Are you using the extension? I’d especially like to know if you have any concerns or apprehensions about the extension. Sound off in the comments below!


Sonatype Platform Browser Extension on the Chrome web store

Sonatype Platform Browser Extension on the Edge Add-Ons store

View the files and read documentation on GitHub

For more advice and best practices, visit and! In particular, check out our Shift Left guide, and then learn more about putting information in front of developers in our course about Lifecycle integrations with IDEs.


Does this extension stores any user data? Also, is the extension going to slow down the browser performance since most of the Enterprises uses VM/K8 cluster behind proxies to run services.

1 Like

Hey @akshaysharmahld - thanks for the question!

The Sonatype Platform Browser Extension stores it’s own configuration data (the details you enter when configuring the Extension) in Google Chrome’s local storage.

From our testing, the impact on browser and browsing experience is limited due to the way the Extension is written.

Hope that helps!