Documentation Nexus IQ Server 1.21

Nexus IQ Server Documentation

Authors

Sonatype, Inc. Bruce Mayhew Manfred Moser Kelly Robinson Ann Rollo Jeff Wayman Justin Young

Preface
1. How to Use This Book
2. Downloads
3. Requirements
3.1. Nexus Solutions
3.2. Installation Requirements
3.2.1. IQ Server
3.2.2. IQ Server Web Application
3.2.3. REST API Versioning
3.2.4. Nexus IQ CLI
3.2.5. Sonatype CLM for Eclipse Requirements
3.2.6. IQ for IDEA Requirements
3.2.7. Nexus IQ for Bamboo Requirements
3.2.8. Sonatype CLM for Hudson / Jenkins Requirements
3.2.9. Sonatype CLM for Maven Requirements
3.2.10. Sonatype CLM for Nexus Pro Requirements
3.2.11. Sonatype CLM for SonarQube Requirements
4. IQ Server Setup
4.1. Installation
4.1.1. Starting the IQ Server
4.1.2. License Installation
4.1.3. IQ Server Directories
4.1.4. Running the IQ Server as a Service
4.2. Advanced Configuration
4.2.1. Initial Configuration of the IQ Server
4.2.2. Running the IQ Server Behind a HTTP Proxy Server
4.2.3. Setting the Base URL
4.2.4. Reverse Proxy Authentication
4.2.5. Appending a User Agent String
4.2.6. File Configuration
4.2.7. Email Configuration
4.2.8. Logging Configuration
4.2.9. HTTP Configuration
4.2.10. HTTPS/SSL
4.2.11. Anonymous Access
4.2.12. CSRF Protection
4.3. Backing Up the IQ Server
4.4. Upgrading the IQ Server
4.4.1. Upgrading from Version 1.17 or Earlier to Version 1.18 or Later
4.4.2. Upgrading from Version 1.16 or Earlier
4.4.3. Upgrading from Versions Earlier than 1.9.x
5. Security Administration
5.1. Logging In
5.2. Product Notifications
5.3. User Management
5.3.1. Changing the Admin Account Password
5.3.2. Creating a User
5.3.3. Editing and Deleting User Information
5.4. LDAP Integration
5.4.1. Configuring the LDAP Server Connection
5.4.2. LDAP Configuration Parameters
5.4.3. Mapping LDAP Users
5.4.4. LDAP User Parameters
5.4.5. Mapping LDAP Groups
5.4.6. LDAP Group Parameters
Static Groups
Dynamic Groups
5.4.7. Verifying LDAP Configuration
Test Connection
Check User and Group Mapping
Check Login
5.5. Role Management
5.5.1. Viewing Built-in Roles
5.5.2. Viewing Permissions of Built-in Roles
5.5.3. Understanding the Importance of Hierarchy
5.5.4. Managing Administrator Roles
Viewing Administrator Roles
Assigning Users to Administrator Roles
5.5.5. Managing Organizational Roles
Viewing Organizational Role Assignments
Assigning Users to Organizational Roles
Editing Organizational Role Assignments
Removing Organizational Role Assignments
5.5.6. Creating Custom Roles
5.5.7. Assigning Groups to Roles without Searching
5.5.8. Viewing Role Assignments
6. Organization and Application Management
6.1. Hierarchy
6.2. Inheritance
6.3. Applications, Evaluations, and Reports
6.4. The Root Organization
6.4.1. Configuring the Root Organization
6.4.2. Creating the Root Organization
6.5. Viewing the Root Organization
6.6. Creating an Organization
6.7. Editing an Organization
6.8. Deleting an Organization
6.9. Creating an Application
6.10. Editing an Application
6.10.1. Selecting an Application Contact
6.10.2. Removing an Application Contact
6.10.3. Copying the Application ID to Clipboard
6.10.4. Changing an Application ID
6.11. Moving an Application
6.12. Deleting an Application
6.13. Viewing Organizations and Applications
6.14. Managing Organizations and Applications
7. Basic Policy Management
7.1. What is a Policy?
7.2. Getting Started with Policies
7.2.1. Downloading the Sample Policy Set
7.2.2. Importing Policies
7.3. Viewing Policies
7.4. Creating Policies
7.5. Editing Policies
7.6. Deleting Policies
7.7. Understanding the Parts of a Policy
7.7.1. Policy Name
7.7.2. Threat Level
7.7.3. Inheritance
7.7.4. Constraints and Conditions
7.7.5. Actions
7.7.6. Notifications
7.8. Continuous Monitoring of Applications
8. Advanced Policy Management (Component Labels, License Threat Groups, and Application Categories)
8.1. Component Labels
8.1.1. Viewing a Component Label
8.1.2. Creating a Component Label
8.1.3. Editing a Component Label
8.1.4. Deleting a Component Label
8.2. License Threat Groups
8.2.1. Viewing a License Threat Group
8.2.2. Creating a License Threat Group
8.2.3. Editing a License Threat Group
8.2.4. Deleting a License Threat Group
8.3. Application Categories
8.3.1. Creating Application Categories
8.3.2. Editing an Application Category
8.3.3. Deleting an Application Category
8.3.4. Assigning an Application Category
8.4. Manual Application Evaluation
9. The Dashboard
9.1. Using the Dashboard
9.1.1. Filters
9.1.2. Dashboard Header
9.2. Highest Risk Violations
9.2.1. Newest
9.2.2. By Component
9.2.3. By Application
9.3. Viewing Component Details
10. The Application Composition Report
10.1. Accessing an Application Composition Report
10.2. Reviewing a Report
10.2.1. Summary Tab
10.2.2. Policy Violations Tab
10.2.3. Security Issues Tab
10.2.4. License Analysis Tab
10.3. Printing and Reevaluating the Report
10.4. The Component Information Panel (CIP)
10.5. Resolving Security Issues
10.5.1. Security Issues
10.5.2. The Component Information Panel (CIP)
10.5.3. Editing Vulnerability Status
10.5.4. Matching to Violations
10.6. License Analysis Tab
10.6.1. License Threat Group
10.6.2. License Analysis
10.6.3. The Component Information Panel (CIP)
10.6.4. Editing License Status and Information
10.7. Component Identification
10.7.1. Matching Components
10.7.2. Managing Proprietary Components
10.7.3. Claiming a Component
10.8. Component Label Overview
10.8.1. Where do component labels begin?
10.8.2. Assigning a Label
10.9. Waivers
10.9.1. A Use Case for Waivers
10.9.2. Adding a Waiver
10.9.3. Viewing and Removing a Waiver
10.10. Policy Reevaluation
10.11. PDF Report
10.11.1. Creating the PDF
10.11.2. Reviewing the PDF
11. Sonatype CLM and Repository Management
12. IQ for Nexus Repository Manager
12.1. Connecting to IQ Server
12.2. IQ Component Information
12.2.1. The Component Information Panel (CIP)
12.2.2. Component Details
12.3. Audit and Quarantine
12.3.1. Configuring Audit and Quarantine
12.3.2. Disabling Audit and/or Quarantine
12.3.3. Releasing a Component from Quarantine
12.3.4. Re-enabling Audit and/or Quarantine
12.3.5. Managing Repositories
12.3.6. Managing User Roles
12.3.7. Viewing Audit Results
12.3.8. Component Information Panel (CIP)
12.3.9. Waiving Repository Policy Violations
12.3.10. Removing a Repository in IQ Server
12.4. IQ Server for Nexus Repository Manager Staging
12.4.1. Staging Profile Configuration
12.4.2. Policy Actions for Staging
12.4.3. Policy Actions for Release Repositories
13. Sonatype CLM and Continuous Integration
14. Nexus IQ for Bamboo
14.1. Install Nexus IQ for Bamboo
14.2. Configure Nexus IQ for Bamboo
14.3. Adding the IQ Analysis Task
14.4. Reviewing IQ Policy Results
15. IQ for Hudson/Jenkins
15.1. Installation
15.2. Global Configuration
15.3. Job Configuration
15.4. Inspecting Results
16. Sonatype CLM and IDEs
17. Sonatype CLM for Eclipse
17.1. Installing Sonatype CLM for Eclipse
17.2. Configuring Sonatype CLM for Eclipse
17.3. Using the Component Info View
17.4. Filtering the Component List
17.5. Searching for Component Usages
17.6. Inspecting Component Details
17.7. Migrating to Different Component Versions
18. IQ for IDEA
18.1. Installing IQ for IDEA
18.2. Configuring IQ for IDEA
18.3. Using the Component Info View
19. Sonatype CLM for SonarQube
19.1. Installation
19.2. Configuration
19.3. Proxy Configuration
19.4. Select the CLM Application
19.5. Add and Configure the Sonatype CLM Widget
19.6. Accessing the Application Composition Report
20. Nexus IQ CLI
20.1. Downloading the Nexus IQ CLI
20.2. Locating Your Application Identifier
20.3. Evaluating an Application
20.3.1. Additional Options
20.4. Example Evaluation
20.5. Using the Nexus IQ CLI with a CI Server
21. Sonatype CLM for Maven
21.1. Evaluating Project Components with Sonatype CLM Server
21.1.1. Authentication
21.1.2. Simplifying Command Line Invocations
21.1.3. Skipping Executions
21.2. Creating a Component Index
21.2.1. Excluding Module Information Files in Continuous Integration Tools
21.3. Creating a Component Info Archive for Nexus Pro CLM Edition
21.4. Using Sonatype CLM for Maven with Other IDEs
21.4.1. Maven Plugin Setup
21.4.2. IntelliJ IDEA
21.4.3. NetBeans IDE
22. REST APIs
22.1. Component Search REST APIs (v2)
22.2. Component Details API (v2)
22.3. Component Evaluation REST APIs (v2)
22.4. Application REST APIs (v2)
22.5. Violation REST API (v2)
22.6. Report-related REST APIs (v2)
A. Copyright