Documentation Nexus IQ Server 1.20

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

12.2. IQ Component Information

[Tip]

The features discussed in this section require IQ Server and Nexus Repository Manager with the Repository license plus either the Firewall or Lifecycle license.

As a native capability, Repository Manager provides robust search capability for returning components that exist in your repositories. When components are returned in your search results (see below), an option to see all versions is displayed. Clicking this link will display additional information in the search panel, as well as expand information available for each selected component.


Figure 12.2. Typical Search Results in Repository Manager


[Tip]

To get results that are not in the local Repository Manager cache, you will want to make sure the Download Remote Index option is enabled for the proxy repository. For guidance on this, check out section 6.2.4 (specifically Fig 6.9): Configuring Repositories in the Nexus Repository Manager book.

Once you’ve configured the IQ Server connection, additional component information, as well as any applicable policy violation information, is provided for each component.


Figure 12.3. Repository Manager Search Showing All Versions


[Note]

Repository Manager search is only available for open source Java components.

To access this information, click on the Component Info tab. It is located just below the displayed search results, to the right of the directory tree for the selected component.


Figure 12.4. Accessing the Component Info Tab


[Note]

Only users who are logged in will be able to see the Component Info tab.

Clicking on the Component Info tab will display a drop-down list of applications associated with your IQ Server installation. Once you have selected an application, the Component Information Panel (CIP), similar to what is provided via the Application Composition Report, will be displayed.


Figure 12.5. Component Information Panel


[Note]

Information on the Component Info tab requires a license for IQ Server. Customers that have only purchased a license for Repository Manager will only have access to security vulnerabilities and license issues information. Those using Nexus OSS will not have access to the Component Info tab.

12.2.1. The Component Information Panel (CIP)

As mentioned above, when the CIP is first displayed, you will need to select an IQ Server Application. This application will not change until you select a new one.

The Component Information Panel is divided into two areas. On the left side is component data, which includes information related to the component itself. To the right of the component information is a graphical display of any security or license issues, as well as popularity data, for each version of the component. By default, the current version of the component is selected. If there are more versions than can be displayed, arrows on the right and left allow for scrolling to newer or older versions. In addition, you can click on any of these versions (if available), which will change the information that is displayed on the left of the CIP.


Figure 12.6. Component Information Panel Example


[Note]

In the screenshot above, we have sized the panels in Repository Manager to make all CIP information visible. By default, the view will allow you to scroll vertically to view all information.

The textual information on the left includes:


Figure 12.7. CIP Text


Coordinates
The identifying information for a component.
Overridden License
If you have chosen a different license for the component, it will be displayed here. For example, this could be the case if you have purchased a license for a component allowing distribution, while the component is originally GPL.
Declared License
Any license that has been declared by the author.
Observed License
Any license(s) found during the scan of the component’s source code.
Highest Policy Threat
The highest threat level policy that has been violated, as well as the total number of violations.
Highest Security Threat
The highest threat level security issue and the total number of security issues.
Cataloged
The age of the component based on when it was first uploaded.
Match State
How the component was matched (exact, similar, or unknown).
Identification Source
Whether a component is identified by Sonatype, or claimed during your own process.
Website
If available, an information icon providing a link to the project is displayed.

The graph itself is laid out like a grid, with each vertical piece representing a particular version and the selected version identified by a vertical line. The information displayed in the graph includes:


Figure 12.8. CIP Graph


Popularity
The popularity for each version is shown as a bar graph. The larger the bar, the more popular the version.
License Risk
This will display the license risk based on the application that is selected.
Security Alerts
For each version, the highest security threat will be displayed by color, with the highest shown as red, and no marker indicating no threat.

12.2.2. Component Details

In addition to the security vulnerability and license issue details provided, any particular policy violations for a component will be displayed as well. This can be helpful in determining if a component will meet the standards for component lifecycle management your company has established.

To view these details, click on the View Details button located below the Component Information.


Figure 12.9. View Details Button


[Note]

This is only available to users with a configured connection and license for IQ Server.

This will create a new tab in the main Repository Manager panel with the label Component Details.


Figure 12.10. View Details


[Note]

In order to see the details for additional components, select another component from the search results, or select a different version in the CIP, and then click the View Details button.