Documentation Nexus IQ Server 1.23

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

Chapter 20. Sonatype CLM for SonarQube

[Tip]

The topics discussed in this chapter require IQ Server with the Lifecycle license.

Sonatype CLM integrates with a wide range of external enforcement points that include continuous integration servers (Hudson/Jenkins), the IDEs (Eclipse), and repository management (Nexus). This is in addition to the Nexus IQ CLI and Maven plugin.

The enforcement points are a common aspect of the development lifecycle, and in Sonatype CLM each represents a unique stage. This gives Sonatype CLM an invaluable integration with the industry-standard tools that already support your business and development processes. It also means your team has greater overall control in identifying and reducing open source component risk.

Better component usage doesn’t just lead to risk reduction though, it also leads to better applications. This is something that ties closely with code analysis, and tools such as SonarQube.

As a user of SonarQube, you know firsthand the impact that principles such as the 7 Axes of Code Quality can have on the applications and projects your teams create. In parallel, as a user of Sonatype CLM you also know how policy management is a critical and essential part of open source component usage.

Sonatype CLM for SonarQube brings both of these together, and in this chapter we’ll cover everything you need to get going as quickly as possible. This includes:

  • Download, installation, and configuration
  • Application Composition Report access

[Figure 20.1. SonarQube Overview]


[Note]

You should have installed and be running the IQ Server. You must have at least one organization and one application created, as well as at least one policy the application can be evaluated against.