Documentation Nexus IQ Server 1.17

Our documentation site has moved. For the most current version, please see http://help.sonatype.com
TOC

7.6. Evaluating Applications

In order to evaluate an application, you need to have created at least one organization and one application, as well as created or imported at least one policy at either the organization or application level. You will also need to make sure you have the proper permissions to view report information for the application you wish to evaluate.

While evaluations can be initiated from various tools (e.g. Nexus Pro+), the quickest way to get started is to perform an evaluation via the Nexus IQ Server.

This will generate a report for your application quite easily, and is a great way to create a quick baseline of your application’s health.

As mentioned previously, before you can evaluate an application, you will need to make sure you have:

  • Created an organization
  • Created an application
  • Imported or created a policy

With the above complete, you are ready to evaluate an application via the Nexus IQ Server.

  1. First, log in to the Nexus IQ Server. At a minimum you will need to be a member of the Application Owner role.
  2. Next, click the Manage Applications and Organizations icon figs/web/clm-server-manage-app-org-icon.png to access the Application and Organization Management area. Once there, click Applications (located in the menu on the left side of the screen), and then choose an application.
  3. In the top right of the Application Management area, click the Evaluate an Application icon figs/web/clm-server-evaluate-icon.png.

  4. A modal dialog will display providing a number of required fields.

    1. First, choose the bundle (application) you want evaluated. Clicking Choose File will allow you to browse your directories for the application you wish to evaluate.
    2. Next, choose the application you want to associate with the evaluation. By default, this will be pre-populated with the name of the application you first selected.
    3. After choosing the application to evaluate, you will need to specify the stage, this will affect where the report is displayed, and will overwrite the most recent report for the application and stage selected.
    4. Finally, if you have configured notifications for your policy, or policies, you can choose whether or not you want those notifications sent.
  5. Click the Upload button to begin evaluating the chosen application.
  6. The Evaluation Status will display, showing you the progress of your evaluation. When complete, you can click the View Report button to view the results of your evaluation.
figs/web/clm-server-adhoc-scanning-evaluate-application-form-completed.png

Figure 7.11. Evaluate an Application


[Note]

You can also evaluate an application via the Organizations area, simply click on Organizations instead of Applications and follow the instructions from there. You will still need to have created an application, and the application won’t be pre-filled for you in the form.

If your evaluation completed successfully, a report will be generated for the application.

The log output of the command execution will provide a summary as well as a link to the produced results similar to

[INFO] Policy Action: Warning
[INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
[INFO] The detailed report can be viewed online
at http://localhost:8070/ui/links/application/my-app/report/95c4c14e

This report is available on the Nexus IQ Server in the Reports section. If you kept our defaults, the report will be listed under the Build Stage. So, what are you waiting for? You should see something similar to the results displayed in Figure 7.12, “Violations Report after Scan”

figs/web/clm-server-scanner-violations-report.png

Figure 7.12. Violations Report after Scan


[Note]

As mentioned previously, if you specify a stage not represented by in the Nexus IQ Server, there will not be a visible link to the report.
TOC
Products
Innovators
Customers
Learn
Company

Terms of Service    Privacy Policy

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA 22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia