Upcoming Changes to the Debian and Alpine Ecosystems

Hi Sonatype Community,

Sonatype’s mission is to help you develop software fearlessly. An essential part of that mission is regularly examining our solutions, some of which will eventually reach the end of their useful life.

Following our sunsetting process, we made a hard but conscious decision to no longer support Debian and Alpine ecosystems in Sonatype Lifecycle.

Starting today, January 9th, 2024, support for the Debian and Alpine ecosystems will enter extended maintenance.

On March 31st, 2024, Sonatype Lifecycle support for Debian and Alpine will be sunset. Scanning Alpine and Debian packages with Lifecycle from this date on will return no results.

The Next Step: Upgrading to Sonatype Container

We recommend customers scanning Alpine and Debian packages adopt Sonatype Container for scanning images with these operating system components.

Sonatype Container is a Kubernetes-native security solution that helps secure containers and Kubernetes deployments from build to production on multiple cloud platforms. It provides protection for the container network, process, and file system by scanning for vulnerabilities and compliance issues from the build, to ship, to run.

24/7 Container Protection You Can Trust

Now is the ideal time to begin the discussion about transitioning to Sonatype Container for scanning your runtime environments for Alpine and Debian, ensuring continuity in your SDLC processes. Please reach out to your Account Manager to start the conversation about transitioning to Sonatype container.

If you want to learn more, please comment on this thread and we will help you find the best solution for your needs.