Update on Lifecycle XC

Over the past year, Sonatype has steadily increased native support in Nexus Lifecycle for the most popular component formats (first seen in IQ Server release 86) - we added more than 10 new ecosystems to Nexus Lifecycle in 2020! These improvements provide a more seamless experience when scanning and writing/enforcing policy within Nexus Lifecycle. As a result of these additions, we will be sunsetting Nexus Lifecycle XC on January 31, 2021.

We began this process with IQ Server Release 101, where we announced that XC would no longer be accessible from Nexus IQ CLI (however, you can still view old/archived reports) for those customers upgrading beyond release 101.

What does this mean for you?
The biggest change you’ll see is additional functionality for these ecosystems, as well as a cohesive experience when running your scans. In addition to the SBOM you received in XC, you will have general visibility, dashboard access, policy, and reporting capabilities. You will also have full security data that you can write and apply policy against. This should make the whole application scanning and report generating process faster since you no longer need to navigate away from Nexus Lifecycle for your results.

Which ecosystems did Lifecycle XC support?

  • Composer - PHP
  • RubyGems - Ruby
  • Swift and Objective-C in CocoaPods
  • Conda

What can I do to prepare for this change?

  1. Upgrade to IQ 86 to access Composer - PHP and RubyGems - Ruby
  2. Upgrade to IQ 88 to access Swift and Objective-C in CocoaPods and Conda
  3. Update CLI and command line options to remove XC and take appropriate actions by referring to the Comprehensive Guide to Lifecycle Scanning
  4. Review our scanning guide to learn how to migrate, as the XC parameter will no longer be available.
  5. Watch our demo for how to scan for these in Lifecycle

What are the key dates/releases I need to know?

  • IQ 101 - Customers upgrading to IQ Server 101+ will no longer be able to access/run scans in Lifecycle XC; HOWEVER, you can still view old and archived reports.
  • IQ 104 - Customers upgrading to 104+ will no longer be access/run scans OR view old and archived reports in XC
  • February 1, 2021 (not tied to a release number) - All version of IQ will be unable to access/run scans/generate new reports in XC

Additional Information

  1. If you would like to still view old and archived reports, you can do so if you do not upgrade to IQ 104 or higher.
  2. If you try scanning for XC on February 1, 2021 you will receive the message, “An error occurred loading data. Expanded Coverage (XC) is no longer supported. We have incorporated support for all languages that were maintained in XC in Lifecycle.”

Visit our website for more information on ecosystems supported by the Nexus Platform.

Where can I ask additional questions?
You can reply directly to this post. If you are not already registered to the Sonatype User Community, you will be prompted to create an account. This will empower you to create and reply to other threads initiated by both the Sonatype team and your community peers. Notifications can be easily configured to ensure you are aware of updates for a specific thread and/or important announcements within the Community.