The features discussed in this section require IQ Server and Nexus Repository Manager Pro with the Repository license plus either the Firewall or Lifecycle license.
The first step to integrating IQ Server features with Nexus Repository Manager 3.x is connecting to IQ Server from Nexus Repository Manager.
To configure the connection to IQ Server:
Configure the following settings:
Select an Authentication Method:
PKI Authentication: Delegate authentication to the JVM.
It is recommended that you create a unique machine account with desired permissions for connecting IQ Server with Nexus Repository Manager. At a minimum, the account needs Evaluate Individual Components permission at the repositories level to use any available IQ Server features.
Optionally, you can configure these properties:
Enter information in the Properties input field using a key=value definition per line. For example:
procArch=false
ipAddresses=true
operatingSystem=false
These properties are passed to IQ Server and can, for example, determine what properties are logged as part of a validation. In most use cases you will not need to configure any properties.
If successful, a list of the applications from IQ Server is displayed, and Dashboard appears under IQ Server on the Administration main menu.
In Nexus Repository Manager, the Search feature helps you find assets and components in your repositories. In the search results, you can drill down for more detailed information. For example, after you perform a search, click a component to see its associated assets.
Click an asset to access its summary information, attributes, and component intelligence.
Click Component IQ to get more detailed information.
Component intelligence is presented in the context of an IQ Server application. Go to the IQ Application list and select one of the applications configured in your IQ Server. The Component Information Panel (CIP) is displayed, which contains the most granular details about a component.
Component IQ displays the following information about a specific component:
Component IQ also includes a graph, which is laid out like a grid with each vertical column representing a particular version. The selected version is identified by a vertical line. You can move the line horizontally to learn about different versions of a component. The information includes:
For even more granular information about a specific component, click View Details. Any known policy violations, license issues, or security vulnerabilities are displayed on a new tab in your browser.
The features discussed in this section require Nexus Repository Manager Pro and IQ Server with the following licenses: Repository and Firewall.
The Audit and Quarantine features provide a way to protect your development environment from risky or undesirable components. These features use IQ Server policy management to identify and, if desired, prevent a proxy repository from serving unwanted components.
Before activating Audit and Quarantine, there are several items you need to complete:
In Nexus Repository Manager 3.x, you need the following privileges:
Read privilege for repositories, which lets you view a results column in Repositories (under Repository in the Administration main menu).
For information on assigning privileges, see the Privileges section in the Nexus Repository Manager 3.x book.
Once these items are completed, you are ready to configure Audit and Quarantine and view audit results. Each of these actions is described below in more detail.
You configure the Audit and Quarantine features by adding them to Nexus Repository Manager 3.x as a capability.
To configure Audit and Quarantine:
In the Create IQ: Audit and Quarantine view, configure the following settings:
At this point, an audit of the selected repository is automatically started. Nexus Repository Manager contacts IQ Server and evaluates the components within the selected repository against any associated policy.
The results are displayed in Repository Results, which is described in the next section, Understanding Repository Results.
To successfully quarantine components when the Quarantine feature is enabled, the policy used to evaluate components must be configured to fail when policy violations occur at the proxy stage in the development lifecycle. If the policy is set to warn (rather than fail), the quarantining of components will not occur. For more information about setting policy and the proxy stage, see the Basic Policy Management chapter.
To disable Audit and/or Quarantine:
To disable Quarantine only, deselect the Enable Quarantine for Repository check box.
When Quarantine is disabled, all quarantined components are made available for download from your proxy repository. This remains true even if you re-enable Quarantine. That is, any previously quarantined components are not quarantined again; only new components are evaluated for quarantine when you re-enable the Quarantine feature.
When a component is quarantined due to a violation, it is not available for download from the proxy repository. You must first resolve the violation(s) that caused the quarantine before releasing the component and making it downloadable. For information on resolving violations from labels, security vulnerabilities, or license issues, see the Application Composition Report chapter. For information on waiving policy violations, see the Waiving Repository Policy Violations section of this chapter. Once the violations are resolved, you can proceed with releasing a component from quarantine.
To release a component from quarantine:
Once a component is released from quarantine, it cannot be put back into quarantine even if it has subsequent policy violations. If you want to re-quarantine a component, you must delete the component from its repository. The component will be quarantined again if, during an audit, it violates a policy that is set to Fail at the Proxy stage.
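The three quarantine rules stated above (the policy must Fail at the Proxy stage, disabling Quarantine releases everything held, and a released component is only quarantined again after it is deleted) can be traced with a small model. This is an added Python example, not Sonatype code; the class, method and component names are assumptions, as is treating "new" as "not already in the repository".

```python
from dataclasses import dataclass, field

@dataclass
class ProxyRepoModel:
    """Simplified model of the documented quarantine rules (assumption, not product code)."""
    quarantine_enabled: bool = True
    proxy_stage_action: str = "fail"   # policy action at the Proxy stage: "fail" or "warn"
    present: set = field(default_factory=set)      # components held in the repository
    quarantined: set = field(default_factory=set)  # subset withheld from download

    def add(self, component: str, violates_policy: bool) -> None:
        # Audit on arrival: only a component new to the repository can be quarantined.
        is_new = component not in self.present
        self.present.add(component)
        blocking = self.quarantine_enabled and self.proxy_stage_action == "fail"
        if is_new and violates_policy and blocking:
            self.quarantined.add(component)

    def release(self, component: str) -> None:
        self.quarantined.discard(component)

    def delete(self, component: str) -> None:
        self.present.discard(component)
        self.quarantined.discard(component)

    def set_quarantine(self, enabled: bool) -> None:
        if not enabled:
            self.quarantined.clear()   # disabling makes everything held downloadable
        self.quarantine_enabled = enabled

    def downloadable(self, component: str) -> bool:
        return component in self.present and component not in self.quarantined

def run_scenario() -> dict:
    out = {}   # download availability of a constructed component after each step
    warn = ProxyRepoModel(proxy_stage_action="warn")
    warn.add("bad-lib:1.0", violates_policy=True)
    out["warn_policy"] = warn.downloadable("bad-lib:1.0")    # warn never quarantines
    repo = ProxyRepoModel()
    repo.add("bad-lib:1.0", violates_policy=True)
    out["fail_policy"] = repo.downloadable("bad-lib:1.0")    # held in quarantine
    repo.set_quarantine(False)
    repo.set_quarantine(True)
    repo.add("bad-lib:1.0", violates_policy=True)            # re-audit, not a new component
    out["after_toggle"] = repo.downloadable("bad-lib:1.0")   # stays downloadable
    repo.delete("bad-lib:1.0")
    repo.add("bad-lib:1.0", violates_policy=True)            # new again after deletion
    out["after_delete"] = repo.downloadable("bad-lib:1.0")   # quarantined again
    repo.release("bad-lib:1.0")
    out["after_release"] = repo.downloadable("bad-lib:1.0")
    return out
```

The `after_toggle` result is the case to watch operationally: switching Quarantine off and back on leaves a violating component downloadable until it is deleted from the repository.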
Once the Audit is enabled, whenever you add a component to a proxy repository (or delete one), Nexus Repository Manager contacts IQ Server to evaluate the components within the proxy repository against any associated policy. The IQ Policy Violations are summarized in Nexus Repository Manager, and detailed in IQ Server.
In Nexus Repository Manager 3.x, the results of an audit are summarized in the IQ Policy Violations column of the Repositories view as shown in the figure below. You can access the Repositories view from the Repository sub menu of the Administration menu.
The IQ Policy Violations column includes the following items:
The IQ Policy Violations column will also alert you if there are any errors in the audit and quarantine process. If there is an error, for example, if Nexus Repository Manager cannot communicate with IQ Server, a red exclamation mark will appear to the right of the Repository Results link along with text pertinent to the error that occurred. Additional information will be available in the Nexus Repository Manager logs.
If the IQ Policy Violations column displays only Audit Enabled or Quarantine Enabled, then you do not have permission to view audit and quarantine summary results. For more information about this permission, see Granting Privileges to View Audit and Quarantine Summary Results later in this chapter.
If you have permissions to add capabilities in Nexus Repository Manager, you can also access Repository Results from the Capabilities submenu on the Administration menu:
To learn more about the details displayed in the Repository Results, see Understanding Repository Results in the section below.
In Nexus Repository Manager 3.x, the "nexus:iq-violation-summary:read" privilege allows you to view audit and quarantine summary results in the IQ Violations column of the Repository view. This privilege is assigned to the Nexus admin role by default. If users are assigned to custom roles, this privilege needs to be added to those roles in order for them to view audit and quarantine summary results.
To grant view privileges for audit and quarantine:
In the Privileges list, move the following privileges to the Given column:
For information on assigning privileges, see the Privileges section in the Nexus Repository Manager 3.x book.