Documentation Nexus IQ Server 1.19

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

Nexus IQ Server Documentation

Authors

Sonatype, Inc., Manfred Moser, Jeff Wayman, Bruce Mayhew, Justin Young, Kelly Robinson

Preface
1. How to Use This Book
2. Downloads
3. Requirements
3.1. Nexus Solutions
3.2. Installation Requirements
3.2.1. IQ Server
3.2.2. IQ Server Web Application
3.2.3. REST API Versioning
3.2.4. Nexus IQ CLI
3.2.5. Sonatype CLM for Eclipse Requirements
3.2.6. Sonatype CLM for Bamboo Requirements
3.2.7. Sonatype CLM for Hudson / Jenkins Requirements
3.2.8. Sonatype CLM for Maven Requirements
3.2.9. Sonatype CLM for Nexus Pro Requirements
3.2.10. Sonatype CLM for SonarQube Requirements
4. IQ Server Setup
4.1. Installation
4.1.1. Starting the IQ Server
4.1.2. License Installation
4.1.3. IQ Server Directories
4.1.4. Running the IQ Server as a Service
4.2. Advanced Configuration
4.2.1. Initial Configuration of the IQ Server
4.2.2. Running the IQ Server Behind a HTTP Proxy Server
4.2.3. Setting the Base URL
4.2.4. Reverse Proxy Authentication
4.2.5. Appending a User Agent String
4.2.6. File Configuration
4.2.7. Email Configuration
4.2.8. Logging Configuration
4.2.9. HTTP Configuration
4.2.10. HTTPS/SSL
4.2.11. Anonymous Access
4.2.12. CSRF Protection
4.3. Backing Up the IQ Server
4.4. Upgrading the IQ Server
4.4.1. Upgrading from Version 1.17 or Earlier to Version 1.18 or Later
4.4.2. Upgrading from Version 1.16 or Earlier
4.4.3. Upgrading from Versions Earlier than 1.9.x
5. Security Administration
5.1. Logging In
5.2. User Management
5.2.1. Changing the Admin Account Password
5.2.2. Creating a User
5.2.3. Editing and Deleting User Information
5.3. LDAP Integration
5.3.1. Configuring the LDAP Server Connection
5.3.2. LDAP Configuration Parameters
5.3.3. Mapping LDAP Users
5.3.4. LDAP User Parameters
5.3.5. Mapping LDAP Groups
5.3.6. LDAP Group Parameters
Static Groups
Dynamic Groups
5.3.7. Verifying LDAP Configuration
Test Connection
Check User and Group Mapping
Check Login
5.4. Role Management
5.4.1. Viewing Built-in Roles
5.4.2. Viewing Permissions of Built-in Roles
5.4.3. Understanding the Importance of Hierarchy
5.4.4. Assigning Users to Roles
5.4.5. Creating Custom Roles
5.4.6. Excluding Groups from Search Results
6. Organization and Application Management
6.1. Hierarchy
6.2. Inheritance
6.3. Applications, Evaluations, and Reports
6.4. Introducing the Root Organization
6.4.1. Configuring the Root Organization
6.4.2. Creating the Root Organization
6.5. Viewing the Root Organization
6.6. Creating an Organization
6.7. Creating an Application
6.8. Viewing Organizations and Applications
7. Basic Policy Management
7.1. Risk and Organizational Intent
7.2. Basic Policy Anatomy
7.3. Advanced Anatomy of a Policy
7.4. Importing Policy
7.4.1. Sample Policy Set
7.4.2. Importing Policies to an Organization (Including the Root Organization)
7.4.3. Importing a Policy to an Application
7.5. Policy Creation
7.5.1. Step 1: Understand the Policy Intent
7.5.2. Step 2: Decide on a Descriptive Policy Name
7.5.3. Step 3: Choose an Appropriate Threat Level
7.5.4. Step 4: Choose the Matching Parameters
7.5.5. Step 5: Create Constraints with Conditions
7.5.6. Step 6: Set Policy Actions And Notifications
7.5.7. Step 7: Setup Policy Monitoring
7.5.8. The Final Step: Avoiding Policy Micromanagement
8. Advanced Policy Management (Labels, License Threat Groups, and Tags)
8.1. Labels
8.1.1. Creating, Editing, and Deleting a Label
8.1.2. Creating a Condition Based on a Label
8.2. License Threat Groups
8.2.1. Creating, Editing, and Deleting a License Threat Group
8.2.2. Creating a Condition Based on a License Threat Group
8.2.3. Creating a Condition Based on an Unassigned License Threat Group
8.3. Tags
8.3.1. Creating, Editing, and Deleting Tags
8.3.2. Applying a Tag
8.3.3. Matching Policies to Specific Applications
8.3.4. Viewing Tag-based Policies
8.4. Manual Application Evaluation
9. The Dashboard
9.1. Using the Dashboard
9.1.1. Filters
9.1.2. Visual Overview
9.2. Highest Risk Violations
9.2.1. Newest
9.2.2. By Component
9.2.3. By Application
9.3. Viewing Component Details
10. The Application Composition Report
10.1. Accessing an Application Composition Report
10.2. Reviewing a Report
10.2.1. Summary Tab
10.2.2. Policy Tab
10.2.3. Security Issues Tab
10.2.4. License Analysis Tab
10.3. Printing and Reevaluating the Report
10.4. The Component Information Panel (CIP)
10.5. Resolving Security Issues
10.5.1. Security Issues
10.5.2. The Component Information Panel (CIP)
10.5.3. Editing Vulnerability Status
10.5.4. Matching to Violations
10.6. License Analysis Tab
10.6.1. License Threat Group
10.6.2. License Analysis
10.6.3. The Component Information Panel (CIP)
10.6.4. Editing License Status and Information
10.7. Component Identification
10.7.1. Matching Components
10.7.2. Managing Proprietary Components
10.7.3. Claiming a Component
10.8. Label Overview
10.8.1. Where do labels begin?
10.8.2. Assigning a Label
10.9. Waivers
10.9.1. A Use Case for Waivers
10.9.2. Adding a Waiver
10.9.3. Viewing and Removing a Waiver
10.10. Policy Reevaluation
10.11. PDF Report
10.11.1. Creating the PDF
10.11.2. Reviewing the PDF
11. Sonatype CLM and Repository Management
12. IQ for Repository Manager
12.1. Connecting to IQ Server
12.2. IQ Component Information
12.2.1. The Component Information Panel (CIP)
12.2.2. Component Details
12.3. Audit and Quarantine
12.3.1. Configuring Audit and Quarantine
12.3.2. Disabling Audit and/or Quarantine
12.3.3. Re-enabling Audit and/or Quarantine
12.3.4. Managing Repositories
12.3.5. Managing User Roles
12.3.6. Viewing Audit Results
12.3.7. Component Information Panel (CIP)
12.3.8. Waiving Repository Policy Violations
12.4. IQ Server for Repository Manager Staging
12.4.1. Staging Profile Configuration
12.4.2. Policy Actions for Staging
12.4.3. Policy Actions for Release Repositories
13. Sonatype CLM and Continuous Integration
14. Sonatype CLM for Bamboo
14.1. Install Sonatype CLM for Bamboo
14.2. Configure Sonatype CLM for Bamboo
14.3. Adding the Sonatype CLM Analysis Task
14.4. Reviewing CLM Policy Results
15. Sonatype CLM for Hudson and Jenkins
15.1. Installation
15.2. Global Configuration
15.3. Job Configuration
15.4. Inspecting Results
16. Sonatype CLM and IDEs
17. Sonatype CLM for Eclipse
17.1. Installing Sonatype CLM for Eclipse
17.2. Configuring Sonatype CLM for Eclipse
17.3. Using the Component Info View
17.4. Filtering the Component List
17.5. Searching for Component Usages
17.6. Inspecting Component Details
17.7. Migrating to Different Component Versions
18. Sonatype CLM for SonarQube
18.1. Installation
18.2. Configuration
18.3. Proxy Configuration
18.4. Select the CLM Application
18.5. Add and Configure the Sonatype CLM Widget
18.6. Accessing the Application Composition Report
19. Nexus IQ CLI
19.1. Downloading the Nexus IQ CLI
19.2. Locating Your Application Identifier
19.3. Evaluating an Application
19.3.1. Additional Options
19.4. Example Evaluation
19.5. Using the Nexus IQ CLI with a CI Server
20. Sonatype CLM for Maven
20.1. Evaluating Project Components with Sonatype CLM Server
20.1.1. Authentication
20.1.2. Simplifying Command Line Invocations
20.1.3. Skipping Executions
20.2. Creating a Component Index
20.2.1. Excluding Module Information Files in Continuous Integration Tools
20.3. Creating a Component Info Archive for Nexus Pro CLM Edition
20.4. Using Sonatype CLM for Maven with Other IDEs
20.4.1. Maven Plugin Setup
20.4.2. IntelliJ IDEA
20.4.3. NetBeans IDE
21. REST APIs
21.1. Component Search REST APIs (v2)
21.2. Component Details API (v2)
21.3. Component Evaluation REST APIs (v2)
21.4. Application REST APIs (v2)
21.5. Violation REST API (v2)
21.6. Report-related REST APIs (v2)
A. Copyright