Resolve integrates with Sonatype to import application vulnerability data.

Resolve periodically queries Sonatype for new application files. If a new file is detected, Resolve creates a project within the specified business unit and imports findings to the project.

Configure connection, authentication, and other settings for a Sonatype integration.

  1. From the top menu, select Administration > Integrations.
  2. Click the Sonatype card.
  3. At the top right, click Install.
  4. Enter the following information:
    • Name of the Sonatype instance
    • Server address
    • User name
    • Password
    • Frequency
      Note: The frequency must be a cron expression. For example, enter 0 * * * * to run integration actions hourly.
  5. Click Next or expand the Action Configuration area.
  6. Enable Sonatype.
  7. At the top right of the page, click Save.