Sonatype Lift Product Updates

Hello Sonatype Lift users! We wanted to share product updates we’ve made recently:

  • Continuous Monitoring: We’ve released a Continuous Monitoring feature that scans the main branch of your repositories on an ongoing basis. Lift will send you automated emails highlighting new vulnerabilities in your repositories, so you can monitor the health of your code. Once you’ve signed up for Continuous Monitoring, you will get regular email updates. An example screenshot is attached to this post. To get more info on this feature, please visit this link. If you want to sign up for Continuous Monitoring, please add your details to this form.

  • GitHub Badge: Now you can add a Sonatype Lift GitHub badge to your GitHub repositories! An example screenshot is attached to this post. To find out how you can add this to your repositories, please click here.

  • Web Report Specific to PR: We’ve enhanced our reporting to create a console report which is specific to a PR and only displays findings highlighted in the PR. Now, when you click a GitHub link that takes you to Sonatype Lift’s web console, the console highlights the findings pertaining to that PR.

  • Inclusion of “Exclude” command in Lift Bot GitHub Integration: We released an enhancement to our GitHub integration. It now supports the “Exclude” command in addition to our other commands. A developer can add a chat command “@sonatype-lift exclude <file|issue|path|tool>”, which will generate configuration for them to add to config.toml, resulting in the file/issue/path/tool being excluded. For more info on this, please see this link.

  • Enabling general comments for Lift: We are now able to post general comments from Lift without blocking users’ PRs.

Great job to all of the team for delivering these! If you have any questions or thoughts on any of these, please let us know.