Now that you have the Nexus IQ CLI set up, you are ready to evaluate an application. The application can be an archive file, a directory containing such archives or a Docker image. For Docker images, a Twistlock environment is required.
As a Java application, the Nexus IQ CLI can be started using the java command and adding the necessary parameters. The syntax below represents the minimum set of options required to evaluate an application.
If the application is an archive or directory:
java -jar [nexus-iq-cli jar] -i [application id] -s [server URL] [target]
If the application is a Docker image:
java -cp [nexus-iq-cli jar] com.sonatype.insight.scan.cli.TwistlockPolicyEvaluatorCli -i [application id] -s [server URL] --twistlock-scanner-executable [Twistlock scanner executable] --twistlock-console-url [Twistlock console URL] --twistlock-console-username [Twistlock console username] --twistlock-console-password [Twistlock console password] [target]
nexus-iq-cli jar: ./nexus-iq-cli-1.33.0-04.jar
--authentication, -a: enter the user name:password (e.g. MyUserName:MyUserPassword). Authentication will permit (or prevent) the ability to submit an application for evaluation, as well as retrieve the summary results and URL.
--pki-authentication
--application-id, -i: enter the application id for your application (see instructions above).
--server-url, -s: enter the location of your IQ Server (e.g. http://localhost:8070).
Target: jar, war, ear, tar, tar.gz, zip and many others.
--twistlock-scanner-executable
--twistlock-console-url
--twistlock-console-username
--twistlock-console-password
You can specify the stage with one of the options listed below. If you do not include this option, the system will default to the Build stage.
There are several additional options that can be used in the construction of the syntax for evaluating an application with the Nexus IQ CLI.
--fail-on-policy-warnings, -w: will cause a failure of the evaluation if any warnings are encountered. By default, this is set to false.
--ignore-system-errors, -e: allows you to ignore any system errors (e.g. IO, network, server, etc.). This is most helpful when using the Nexus IQ CLI with continuous integration servers, as these errors can cause the unintentional failure of a build.
--proxy, -p: you can specify a proxy to use in connecting to the IQ Server. The format is <host[:port]>.
--proxy-user, -U: you can specify credentials for the proxy. The format is <username:password>.
--result-file, -r: you can specify the name and location of a JSON file that will store the results of the policy evaluation in a machine-readable format.
--stage, -t: you can specify the stage you wish the report to be associated with. This is an optional parameter, and if it is not specified, the report will be associated with the Build stage by default. At this time only the Build, Stage Release, and Release stages will display a report in the IQ Server Reports area. For a full list of stages, use the CLI help provided with the tool.
--twistlock-tlsverify
The parameters can be passed to the Nexus IQ CLI via a file. To do that, you specify the file name prefixed by an @ character, e.g. @some/path/myparamfile.
Inside a parameter file:
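An added example, not Sonatype's own code: a shell helper that writes the options into a parameter file readable only by its owner, so the user name:password pair given to --authentication does not show up in the process list or in CI job logs. It assumes the file takes one option or value per line; the IQ_AUTH environment variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pass Nexus IQ CLI options through an @parameter file so the
# credentials never appear as command-line arguments.
# Assumption: the parameter file holds one option or one value per line.

# write_iq_params FILE APP_ID SERVER_URL STAGE RESULT_FILE
# Reads the user:password pair from IQ_AUTH (hypothetical variable name,
# e.g. injected by the CI server's secret store).
write_iq_params() {
    params_file=$1 app_id=$2 server_url=$3 stage=$4 result_file=$5

    if [ -z "${IQ_AUTH:-}" ]; then
        echo "IQ_AUTH (user:password) is not set" >&2
        return 1
    fi
    case $IQ_AUTH in
        *:*) ;;
        *) echo "IQ_AUTH must have the form user:password" >&2; return 1 ;;
    esac

    # Create (or truncate) the file with owner-only permissions before any
    # secret is written; chmod also covers a pre-existing, looser file.
    ( umask 077 && : > "$params_file" ) || return 1
    chmod 600 "$params_file" || return 1

    printf '%s\n' \
        --authentication "$IQ_AUTH" \
        --application-id "$app_id" \
        --server-url "$server_url" \
        --stage "$stage" \
        --result-file "$result_file" > "$params_file"
}

# iq_command JAR PARAMS_FILE TARGET
# Prints the evaluation command line; only the @file reference and the
# target are visible in it, not the credentials.
iq_command() {
    printf 'java -jar %s @%s %s\n' "$1" "$2" "$3"
}
```

Delete the parameter file once the evaluation has finished, since it holds the password in clear text.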