Documentation Nexus IQ Server 1.17


Preface
1. How to Use This Book
2. Downloads
3. Requirements
3.1. Nexus IQ Server
3.2. Nexus IQ Server Web Application
3.3. REST API Versioning
3.4. Nexus IQ CLI
3.5. Sonatype CLM for Eclipse Requirements
3.6. Sonatype CLM for Bamboo Requirements
3.7. Sonatype CLM for Hudson / Jenkins Requirements
3.8. Sonatype CLM for Maven Requirements
3.9. Sonatype CLM for Nexus Pro Requirements
3.10. Sonatype CLM for SonarQube Requirements
4. Nexus IQ Server Setup
4.1. Installation
4.1.1. Starting the Nexus IQ Server
4.1.2. License Installation
4.1.3. Nexus IQ Server Directories
4.1.4. Running the Nexus IQ Server as a Service
4.2. Advanced Configuration
4.2.1. Initial Configuration of the Nexus IQ Server
4.2.2. Running the Nexus IQ Server Behind an HTTP Proxy Server
4.2.3. Setting the Base URL
4.2.4. Reverse Proxy Authentication
4.2.5. Appending a User Agent String
4.2.6. File Configuration
4.2.7. Email Configuration
4.2.8. Logging Configuration
4.2.9. HTTP Configuration
4.2.10. HTTPS/SSL
4.2.11. Anonymous Access
4.2.12. CSRF Protection
4.3. Backing Up the Nexus IQ Server
4.4. Upgrading the Nexus IQ Server
4.4.1. Upgrading from Version 1.16 or Earlier
4.4.2. Upgrading from Versions Earlier than 1.9.x
5. Security Administration
5.1. Logging In
5.2. User Management
5.2.1. Changing the Admin Account Password
5.2.2. Creating a User
5.2.3. Editing and Deleting User Information
5.3. LDAP Integration
5.3.1. Configuring the LDAP Server Connection
5.3.2. LDAP Configuration Parameters
5.3.3. Mapping LDAP Users
5.3.4. LDAP User Parameters
5.3.5. Mapping LDAP Groups
5.3.6. LDAP Group Parameters
Static Groups
Dynamic Groups
5.3.7. Verifying LDAP Configuration
Test Connection
Check User and Group Mapping
Check Login
5.4. Role Management
5.4.1. Viewing Built-in Roles
5.4.2. Viewing Permissions of Built-in Roles
5.4.3. Understanding the Importance of Hierarchy
5.4.4. Assigning Users to Roles
5.4.5. Creating Custom Roles
5.4.6. Excluding Groups from Search Results
6. Organization and Application Management
6.1. Hierarchy
6.2. Inheritance
6.3. Applications, Evaluations, and Reports
6.4. Creating an Organization
6.5. Creating an Application
6.6. Viewing Organizations and Applications
7. Basic Policy Management
7.1. Risk and Organizational Intent
7.2. Basic Policy Anatomy
7.3. Advanced Anatomy of a Policy
7.4. Importing Policy
7.4.1. Sample Policy Set
7.4.2. Importing a Policy to an Organization
7.4.3. Importing a Policy to an Application
7.5. Policy Creation
7.5.1. Step 1: Understand the Policy Intent
7.5.2. Step 2: Decide on a Descriptive Policy Name
7.5.3. Step 3: Choose an Appropriate Threat Level
7.5.4. Step 4: Choose the Application Matching Parameters
7.5.5. Step 5: Create Constraints with Conditions
7.5.6. Step 6: Set Policy Actions And Notifications
7.5.7. The Final Step: Avoiding Policy Micromanagement
7.6. Evaluating Applications
7.7. Reviewing Evaluation Results
7.8. Policy Monitoring
7.8.1. Set Up Policy Monitoring for an Application
7.8.2. Configuring Notification Times
8. Advanced Policy Management (Labels, License Threat Groups, and Tags)
8.1. Labels
8.1.1. Creating, Editing, and Deleting a Label
8.1.2. Creating a Condition Based on a Label
8.2. License Threat Groups
8.2.1. Creating, Editing, and Deleting a License Threat Group
8.2.2. Creating a Condition Based on a License Threat Group
8.2.3. Creating a Condition Based on an Unassigned License Threat Group
8.3. Tags
8.3.1. Creating, Editing, and Deleting Tags
8.3.2. Applying a Tag
8.3.3. Matching Policies to Specific Applications
8.3.4. Viewing Tag-based Policies
9. The Dashboard
9.1. Using the Dashboard
9.1.1. Filters
9.1.2. Visual Overview
9.2. Highest Risk Violations
9.2.1. Newest
9.2.2. By Component
9.2.3. By Application
9.3. Viewing Component Details
10. The Application Composition Report
10.1. Accessing an Application Composition Report
10.2. Reviewing a Report
10.2.1. Summary Tab
10.2.2. Policy Tab
10.2.3. Security Issues Tab
10.2.4. License Analysis Tab
10.3. Printing and Reevaluating the Report
10.4. The Component Information Panel (CIP)
10.5. Resolving Security Issues
10.5.1. Security Issues
10.5.2. The Component Information Panel (CIP)
10.5.3. Editing Vulnerability Status
10.5.4. Matching to Violations
10.6. License Analysis Tab
10.6.1. License Threat Group
10.6.2. License Analysis
10.6.3. The Component Information Panel (CIP)
10.6.4. Editing License Status and Information
10.7. Component Identification
10.7.1. Matching Components
10.7.2. Managing Proprietary Components
10.7.3. Claiming a Component
10.8. Label Overview
10.8.1. Where do labels begin?
10.8.2. Assigning a Label
10.9. Waivers
10.9.1. A Use Case for Waivers
10.9.2. Adding a Waiver
10.9.3. Viewing and Removing a Waiver
10.10. Policy Reevaluation
10.11. PDF Report
10.11.1. Creating the PDF
10.11.2. Reviewing the PDF
11. Sonatype CLM and Repository Management
12. Sonatype CLM for Nexus Pro
12.1. Repository Health Check (RHC) vs. Sonatype CLM
12.2. Connecting Nexus to CLM Server
12.3. Accessing CLM Component Information
12.4. The Component Information Panel (CIP)
12.5. Component Details (CLM)
12.6. Sonatype CLM for Nexus Staging
12.6.1. Staging Profile Configuration
12.6.2. Policy Actions for Staging
12.7. Policy Actions for Release Repositories
13. Sonatype CLM and Continuous Integration
14. Sonatype CLM for Bamboo
14.1. Install Sonatype CLM for Bamboo
14.2. Configure Sonatype CLM for Bamboo
14.3. Adding the Sonatype CLM Analysis Task
14.4. Reviewing CLM Policy Results
15. Sonatype CLM for Hudson and Jenkins
15.1. Installation
15.2. Global Configuration
15.3. Job Configuration
15.4. Inspecting Results
16. Sonatype CLM and IDEs
17. Sonatype CLM for Eclipse
17.1. Installing Sonatype CLM for Eclipse
17.2. Configuring Sonatype CLM for Eclipse
17.3. Using the Component Info View
17.4. Filtering the Component List
17.5. Searching for Component Usages
17.6. Inspecting Component Details
17.7. Migrating to Different Component Versions
18. Sonatype CLM for SonarQube
18.1. Installation
18.2. Configuration
18.3. Proxy Configuration
18.4. Select the CLM Application
18.5. Add and Configure the Sonatype CLM Widget
18.6. Accessing the Application Composition Report
19. Nexus IQ CLI
19.1. Downloading the Nexus IQ CLI
19.2. Locating Your Application Identifier
19.3. Evaluating an Application
19.3.1. Additional Options
19.4. Example Evaluation
19.5. Using the Nexus IQ CLI with a CI Server
20. Sonatype CLM for Maven
20.1. Evaluating Project Components with Sonatype CLM Server
20.1.1. Authentication
20.1.2. Simplifying Command Line Invocations
20.1.3. Skipping Executions
20.2. Creating a Component Index
20.2.1. Excluding Module Information Files in Continuous Integration Tools
20.3. Creating a Component Info Archive for Nexus Pro CLM Edition
20.4. Using Sonatype CLM for Maven with Other IDEs
20.4.1. Maven Plugin Setup
20.4.2. IntelliJ IDEA
20.4.3. NetBeans IDE
21. REST APIs
21.1. Component Search REST APIs (v2)
21.2. Component Details API (v2)
21.3. Component Evaluation REST APIs (v2)
21.4. Application REST APIs (v2)
21.5. Violation REST API (v2)
21.6. Report-related REST APIs (v2)
A. Copyright