Documentation Nexus IQ Server 1.32

Our documentation site has moved. For the most current version, please see Nexus IQ Server Documentation.

Sonatype, Inc.: Bruce Mayhew, Manfred Moser, Kelly Robinson, Ann Rollo, Jeff Wayman, Justin Young, Brianne Strozewski

1. How to Use This Book
3. Requirements
3.1. Nexus Solutions
3.2. Installation Requirements
3.2.1. IQ Server
3.2.2. IQ Server Web Application
3.2.3. REST API Versioning
3.2.4. Nexus IQ CLI
3.2.5. Sonatype CLM for Eclipse Requirements
3.2.6. IQ for IDEA Requirements
3.2.7. IQ for Visual Studio Requirements
3.2.8. Nexus IQ for Bamboo Requirements
3.2.9. Sonatype CLM for Hudson / Jenkins Requirements
3.2.10. Sonatype CLM for Maven Requirements
3.2.11. Sonatype CLM for Nexus Pro Requirements
3.2.12. Sonatype CLM for SonarQube Requirements
3.2.13. JIRA Notifications Requirements
4. Quick Start Guide - Nexus Firewall
5. Quick Start Guide - Nexus Lifecycle
6. IQ Server Setup
6.1. Installation
6.1.1. Starting the IQ Server
6.1.2. License Installation
6.1.3. IQ Server Directories
6.1.4. Running the IQ Server as a Service
6.2. Advanced Configuration
6.2.1. Initial Configuration of the IQ Server
6.2.2. Running the IQ Server Behind a HTTP Proxy Server
6.2.3. Setting the Base URL
6.2.4. Reverse Proxy Authentication
6.2.5. Appending a User Agent String
6.2.6. File Configuration
6.2.7. Email Configuration
6.2.8. Logging Configuration
6.2.9. HTTP Configuration
6.2.10. HTTPS/SSL
6.2.11. Anonymous Access
6.2.12. CSRF Protection
6.3. Backing Up the IQ Server
6.4. Upgrading the IQ Server
6.4.1. Upgrading from Version 1.17 or Earlier to Version 1.18 or Later
6.4.2. Upgrading from Version 1.15 or Earlier to Version 1.23 or Later
6.4.3. Upgrading from Version 1.16 or Earlier
6.4.4. Upgrading from Versions Earlier than 1.9.x
7. Security Administration
7.1. Logging In
7.2. Product Notifications
7.3. User Management
7.3.1. Changing the Admin Account Password
7.3.2. Creating a User
7.3.3. Editing and Deleting User Information
7.4. LDAP Integration
7.4.1. Configuring LDAP Server Connection
7.4.2. LDAP Configuration Parameters
7.4.3. Mapping LDAP Users
7.4.4. LDAP User Parameters
7.4.5. Mapping LDAP Groups
7.4.6. LDAP Group Parameters
Static Groups
Dynamic Groups
7.4.7. Verifying LDAP Configuration
Test Connection
Check User and Group Mapping
Check Login
7.4.8. Reordering LDAP Servers
7.5. Role Management
7.5.1. Viewing Built-in Roles
7.5.2. Viewing Permissions of Built-in Roles
7.5.3. Understanding the Importance of Hierarchy
7.5.4. Managing Administrator Roles
Viewing Administrator Roles
Assigning Users to Administrator Roles
7.5.5. Managing Organizational Roles
Viewing Organizational Role Assignments
Assigning Users to Organizational Roles
Editing Organizational Role Assignments
Removing Organizational Role Assignments
7.5.6. Creating Custom Roles
7.5.7. Assigning Groups to Roles without Searching
7.5.8. Viewing Role Assignments
8. Organization and Application Management
8.1. Hierarchy
8.2. Inheritance
8.3. Applications, Evaluations, and Reports
8.4. The Root Organization
8.4.1. Configuring the Root Organization
8.4.2. Creating the Root Organization
8.5. Viewing the Root Organization
8.6. Creating an Organization
8.7. Editing an Organization
8.8. Deleting an Organization
8.9. Creating an Application
8.10. Editing an Application
8.10.1. Selecting an Application Contact
8.10.2. Removing an Application Contact
8.10.3. Copying the Application ID to Clipboard
8.10.4. Changing an Application ID
8.11. Moving an Application
8.12. Deleting an Application
8.13. Viewing Organizations and Applications
8.14. Managing Organizations and Applications
9. Basic Policy Management
9.1. What is a Policy?
9.2. Getting Started with Policies
9.2.1. Downloading the Sample Policy Set
9.2.2. Importing Policies
9.3. Viewing Policies
9.4. Creating Policies
9.5. Editing Policies
9.6. Deleting Policies
9.7. Understanding the Parts of a Policy
9.7.1. Policy Name
9.7.2. Threat Level
9.7.3. Inheritance
9.7.4. Constraints and Conditions
9.7.5. Actions
9.7.6. Notifications
9.7.7. JIRA Notifications
9.8. Continuous Monitoring of Applications
9.9. Proprietary Component Configuration
10. Advanced Policy Management
10.1. Component Labels
10.1.1. Viewing a Component Label
10.1.2. Creating a Component Label
10.1.3. Editing a Component Label
10.1.4. Deleting a Component Label
10.2. License Threat Groups
10.2.1. Viewing a License Threat Group
10.2.2. Creating a License Threat Group
10.2.3. Editing a License Threat Group
10.2.4. Deleting a License Threat Group
10.3. Application Categories
10.3.1. Creating Application Categories
10.3.2. Editing an Application Category
10.3.3. Deleting an Application Category
10.3.4. Assigning an Application Category
10.4. Manual Application Evaluation
11. The Dashboard
11.1. Using the Dashboard
11.2. Filters
11.3. Results
11.3.1. Policy Violation Trends
11.3.2. Violations
11.3.3. Components
11.3.4. Applications
11.4. Viewing Component Details
11.5. Exporting Results
12. The Application Composition Report
12.1. Accessing an Application Composition Report
12.2. Reviewing a Report
12.2.1. Summary Tab
12.2.2. Policy Violations Tab
12.2.3. Security Issues Tab
12.2.4. License Analysis Tab
12.3. Printing and Reevaluating the Report
12.4. The Component Information Panel (CIP)
12.5. Resolving Security Issues
12.5.1. Security Issues
12.5.2. The Component Information Panel (CIP)
12.5.3. Editing Vulnerability Status
12.5.4. Matching to Violations
12.6. License Analysis Tab
12.6.1. License Threat Group
12.6.2. License Analysis
12.6.3. The Component Information Panel (CIP)
12.6.4. Editing License Status and Information
12.7. Component Identification
12.7.1. Matching Components
12.7.2. Managing Proprietary Components
12.7.3. Claiming a Component
12.8. Component Label Overview
12.8.1. Where do component labels begin?
12.8.2. Assigning a Label
12.9. Waivers
12.9.1. A Use Case for Waivers
12.9.2. Adding a Waiver
12.9.3. Viewing and Removing a Waiver
12.10. Policy Reevaluation
12.11. PDF Report
12.11.1. Creating the PDF
12.11.2. Reviewing the PDF
13. Sonatype CLM and Repository Management
14. IQ for Nexus Repository Manager
14.1. Integrating Nexus Repository Manager 2.x and IQ Server
14.1.1. Connecting to IQ Server
14.1.2. Viewing Component Information
14.1.3. Component Details
14.1.4. Using Staging to Control Releases
Staging Profile Configuration
Policy Actions for Staging
Policy Actions for Release Repositories
14.1.5. Using Audit and Quarantine
Configuring Audit and Quarantine
Disabling Audit and/or Quarantine
Releasing a Component from Quarantine
Re-enabling Audit and/or Quarantine
Viewing Repository Results
14.2. Integrating Nexus Repository Manager 3.x and IQ Server
14.2.1. Connecting to IQ Server
14.2.2. Viewing Component and Assets Information
14.2.3. Using Audit and Quarantine
Configuring Audit and Quarantine
Disabling Audit and/or Quarantine
Releasing a Component from Quarantine
Viewing Repository Results
Granting Privileges to View Audit and Quarantine Summary Results
14.3. Understanding Repository Results
14.3.1. Using the Component Information Panel (CIP)
14.3.2. Waiving Repository Policy Violations
14.4. Managing Repositories
14.5. Managing User Roles
14.6. Removing a Repository in IQ Server
15. Sonatype CLM and Continuous Integration
16. Nexus IQ for Bamboo
16.1. Install Nexus IQ for Bamboo
16.2. Configure Nexus IQ for Bamboo
16.3. Adding the IQ Analysis Task
16.4. Reviewing IQ Policy Results
17. Nexus IQ for Hudson/Jenkins
17.1. Plugin Selection
17.2. Integrating Nexus IQ for Hudson/Jenkins 1.x
17.2.1. Installation
17.2.2. Global Configuration
17.2.3. Job Configuration
17.3. Integrating Nexus IQ for Jenkins 2.x
17.3.1. Installation
17.3.2. Global Configuration
17.3.3. Job Configuration
Freestyle or Multi-Configuration Projects
Pipeline Projects
Return Value from Pipeline Build
17.4. Inspecting Results
18. IQ Server and IDEs
19. Sonatype CLM for Eclipse
19.1. Installing Sonatype CLM for Eclipse
19.2. Configuring Sonatype CLM for Eclipse
19.3. Using the Component Info View
19.4. Filtering the Component List
19.5. Searching for Component Usages
19.6. Inspecting Component Details
19.7. Migrating to Different Component Versions
20. IQ for IDEA
20.1. Installing IQ for IDEA
20.2. Configuring IQ for IDEA
20.3. Using the Component Info View
21. IQ for Visual Studio
21.1. Installing IQ for Visual Studio
21.2. Configuring IQ for Visual Studio
21.3. Using IQ for Visual Studio
22. Sonatype CLM for SonarQube
22.1. Installation
22.2. Configuration
22.3. Select the CLM Application
22.4. Add and Configure the Sonatype CLM Widget
22.5. Accessing the Application Composition Report
23. Nexus IQ CLI
23.1. Downloading the Nexus IQ CLI
23.2. Locating Your Application ID
23.3. Evaluating an Application
23.3.1. Additional Parameters
23.3.2. Loading Parameters from a File
23.4. Example Evaluation
23.5. Using the Nexus IQ CLI with a CI Server
24. Sonatype CLM for Maven
24.1. Evaluating Project Components with Sonatype CLM Server
24.1.1. Authentication
24.1.2. Simplifying Command Line Invocations
24.1.3. Skipping Executions
24.2. Creating a Component Index
24.2.1. Excluding Module Information Files in Continuous Integration Tools
24.3. Creating a Component Info Archive for Nexus Pro CLM Edition
24.4. Using Sonatype CLM for Maven with Other IDEs
24.4.1. Maven Plugin Setup
24.4.2. IntelliJ IDEA
24.4.3. NetBeans IDE
25.1. Component Search REST APIs (v2)
25.2. Component Details API (v2)
25.3. Component Evaluation REST APIs (v2)
25.4. Application REST APIs (v2)
25.4.1. Deleting an Application
25.5. Violation REST API (v2)
25.6. Report-related REST APIs (v2)
25.7. Accessing REST APIs via Reverse Proxy Authentication
26. Webhooks
26.1. Using Webhooks
26.2. Configuring Webhooks
26.2.1. Creating Webhooks
26.2.2. Editing Webhooks
26.2.3. Deleting Webhooks
26.3. Working with HMAC Payloads
26.4. Example Headers and Payloads
26.4.1. Policy Management Event
26.4.2. Application Evaluation Event
26.4.3. Security Vulnerability Override Management Event
26.4.4. License Override Management Event
A. Copyright