Documentation Nexus IQ Server 1.26

17.3. Integrating Nexus IQ for Jenkins 2.x

Nexus IQ for Jenkins 2.x evaluates a project workspace for all supported component types, creates a summary file about all the components found, and submits that to the IQ Server. The IQ Server uses that data to produce an analysis with security and license information and sends it back to the Jenkins server. These results are then used to render analysis reports.

[Note]

Nexus IQ for Jenkins 2.x is only compatible with Jenkins versions 2.x and above.

17.3.1. Installation

Nexus IQ for Jenkins 2.x is distributed as a Hudson plugin package (.hpi file) and is available for download from Sonatype Support.

To install Nexus IQ for Jenkins 2.x, perform the following steps:

  1. Log in to Jenkins as an administrator.
  2. Select Manage Jenkins from the navigation menu on the left.
  3. Select Manage Plugins from the list of configuration options.

    Figure 17.4. Jenkins Manage Plugins


  4. Click the Advanced tab on the Plugin Manager screen.
  5. In the Upload Plugin section click Choose File, open the Nexus IQ for Jenkins 2.x hpi file, and then click the Upload button.

A message displays on the screen when Nexus IQ for Jenkins 2.x is successfully installed.

17.3.2. Global Configuration

Use the following instructions to configure Jenkins to connect to your IQ Server:

  1. Select Manage Jenkins from the left-navigation menu.
  2. Select Configure System from the list of configuration options.
  3. In the Sonatype Nexus section, select Nexus IQ Server from the Add Nexus IQ Server dropdown menu and then enter the following:

    1. Server URL: The location of your IQ Server.
    2. Credentials: Select the Add button to enter your IQ Server username and password using the Jenkins Provider Credentials: Jenkins modal window. Once added, select your IQ Server username and password from the Credentials dropdown list and click the Test Connection button.

      Figure 17.5. Nexus Jenkins Plugin Global Configuration


  4. After a successful connection to IQ Server, click the Save button.

[Note]

Only one IQ Server instance can be configured.

17.3.3. Job Configuration

After a completed installation and global configuration of Jenkins, you are ready to configure a build-step invocation as part of a specific job.

Freestyle or Multi-Configuration Projects

The freestyle build job is a flexible and configurable option, and can be used for any type of project. A multi-configuration build job should be used as a parameterized build job that automatically runs with all the possible acceptable combinations of parameters.

Use the following steps to add a Nexus Policy Evaluation build step to a freestyle or multi-configuration build:

  1. In the Build section of the project configuration screen, click the Add Build Step dropdown button and then select Nexus Policy Evaluation. Enter the following parameters:

    1. Stage: Select Build, Stage Release, Release, or Operate. This controls the stage the policy evaluation is run against on the IQ Server. Only the stages you are licensed for appear in the list.

      [Note]

      Depending on how your policies are configured, this may impact warning and fail actions.

    2. Application: Select an application from the list of available IQ Server applications. This determines the policy elements (policies, labels, and license threat groups) to associate with this build and is managed via the IQ Server.
    3. Advanced options: A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters are determined by Sonatype support.

      Figure 17.6. Nexus Policy Evaluation


  2. Complete your freestyle or multi-configuration build as desired and click Save.

Pipeline Projects

Jenkins Pipeline is a suite of plugins that support implementing and integrating continuous delivery pipelines into Jenkins.

For IQ Server, build pipelines allow for policy evaluation at any point during the build, providing a way to gain a bill of materials of components that may not exist during final delivery. In addition, this allows for a policy gate to be set anywhere along the build and delivery process.

Use the following steps to add a Nexus Policy Evaluation build step to a pipeline build:

  1. In the Pipeline section of the project configuration screen, click the Pipeline Syntax link.

    Figure 17.7. Nexus Jenkins Plugin Pipeline Syntax


  2. In the Steps section of the Snippet Generator window, select the following:

    1. Sample Step: Select NexusPolicyEvaluator: Nexus Policy Evaluation.
    2. Stage: Select Build, Stage Release, Release, or Operate. This controls the stage the policy evaluation is run against on the IQ Server. Only the stages you are licensed for appear in the list.

      [Note]

      Depending on how your policies are configured, this may impact warning and fail actions.

    3. Application: Select an application from the list of available IQ Server applications. This determines the policy elements (policies, labels, and license threat groups) to associate with this build and is managed via the IQ Server.
    4. Advanced options: A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters are determined by Sonatype support.

      Figure 17.8. Generate Pipeline Script


  3. Click the Generate Pipeline Script button.
  4. Copy the generated script and paste it into the desired stage of your pipeline script.

    An example pipeline script is shown below:

    nexusPolicyEvaluation failBuildOnNetworkError: false, iqApplication: 'SampApp', iqStage: 'build',
    jobCredentialsId: ''

  5. Complete your pipeline build as desired and click Save.
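
The following scripted pipeline is an added example, not part of the original documentation. It shows the generated step placed as a policy gate between the build and deployment stages. The repository URL, stage names, Maven command, and deploy script are hypothetical placeholders; the step name and its four parameters are the ones shown in the generated snippet above.

```groovy
// Added example: scripted pipeline with Nexus Policy Evaluation as a gate.
// Placeholders (assumptions): repository URL, Maven build command, deploy.sh.
node {
    stage('Checkout') {
        // Placeholder repository; replace with your project's SCM location.
        git url: 'https://example.com/sampapp.git'
    }

    stage('Build') {
        // Build before evaluating so the workspace contains the packaged
        // artifacts and bundled dependencies that the evaluation scans.
        sh 'mvn -B clean package'
    }

    stage('Policy Evaluation') {
        // iqApplication: the IQ Server application whose policies apply.
        // iqStage: the IQ Server stage whose warn/fail actions are enforced.
        // failBuildOnNetworkError: true makes the gate fail closed, so a build
        //   that cannot reach IQ Server fails instead of continuing unevaluated.
        //   The generated snippet above uses false.
        // jobCredentialsId: left empty as in the generated snippet; this
        //   example assumes the credentials from the global configuration
        //   are then used.
        nexusPolicyEvaluation failBuildOnNetworkError: true,
                              iqApplication: 'SampApp',
                              iqStage: 'build',
                              jobCredentialsId: ''
    }

    stage('Deploy') {
        // Reached only if the previous stage did not fail the build, which
        // depends on the fail actions your policies define for the stage.
        sh './deploy.sh'
    }
}
```

Because policy actions are configured per stage on the IQ Server, the same step can be repeated later in the pipeline with a different iqStage value to apply a stricter gate closer to release.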