The features discussed in this section require IQ Server and Nexus Repository Manager Pro with the Repository license plus either the Firewall or Lifecycle license.
The first step to integrating IQ Server features with Nexus Repository Manager 2.x is connecting to IQ Server from Nexus Repository Manager.
To configure the connection to IQ Server, follow these instructions:
Enter the username and password.
It is recommended that you create a unique machine account with desired permissions for linking IQ Server with Nexus Repository Manager. At a minimum, the account needs Evaluate Individual Components permission at the repositories level for Audit and Quarantine features and/or Evaluate Applications permission at the application level for Staging functionality. For more information about permissions, see Role Management in the Security Administration chapter.
Optionally, you can configure these properties:
Enter information in the Properties input field using a key=value definition per line. For example:
procArch=false
ipAddresses=true
operatingSystem=false
These properties are passed to IQ Server and can, for example, determine what properties are logged as part of a validation. Consult the IQ Server documentation for suitable parameters. In most use cases you will not need to configure any properties.
If successfully connected, a list of available applications in IQ Server is displayed as shown in the figure below.
Alternatively you can enable, disable, and/or configure IQ Server integration by adding the IQ: Server Connection capability like any other capability as documented in the Accessing and Configuring Capabilities section of the Nexus Repository Manager book.
The features described here require licenses for Nexus Repository Manager as well as IQ Server. These are made available through purchase of our solutions. You can obtain them from the Sonatype Support team.
In Nexus Repository Manager, the Artifact Search feature helps you find components in your repositories. In the search results, you can drill down for more detailed information. For example, after you perform a search, click Show All Versions, if available, in the search results to see information such as version, age, popularity, and more. This is displayed in the figure below.
To get results that are not in the local Nexus Repository Manager cache, you will want to make sure the Download Remote Index option is enabled for the proxy repository. For guidance on this, check out section 6.2.4 (specifically Fig 6.9): Configuring Repositories in the Nexus Repository Manager book.
Once you’ve configured the IQ Server connection, additional component information such as security issues is displayed in the Nexus Repository Manager search results, for example:
Nexus Repository Manager search is only available for open source Java components.
You can access more detailed component information by selecting a component and clicking the Component Info tab located below the search results.
Only users that are logged in will be able to see the Component Info tab.
On the Component Info tab, when you select one of the applications configured in your IQ Server, the Component Information Panel (CIP) is displayed. It contains the most granular details about a component.
The Component Info tab displays the following information about a specific component:
The Component Info tab also includes a graph, which is laid out like a grid with each vertical column representing a particular version. The selected version is identified by a vertical line. You can move the line horizontally to learn about different versions of a component. The information includes:
The Component Info tab in Nexus Repository Manager has a Component Details button that opens a new tab with information about any policy violations, license issues, or security vulnerabilities that are known about a specific component.
In order to see the details for additional components, select another component from the search results, or select a different version in the CIP, and then click the View Details button.
With Staging, you can combine the release process controls in Nexus Repository Manager with the component intelligence from IQ Server to test a release automatically before it is deployed.
To use IQ Server with Nexus Repository Manager 2.x, you must first create the following items:
Before using IQ Server for staging you should be familiar with the general setup and usage patterns of the Nexus Repository Manager Staging Suite documented in the chapter on staging, located in the Nexus Repository Manager book. There, you will be guided through the process to get Nexus Repository Manager prepared to handle your staging needs.
To utilize IQ Server evaluation and policy features as part of your build promotion you will need to select an IQ Server Application as part of the staging profile configuration. This is done via Nexus Repository Manager. An example is provided below.
While not a requirement for using IQ Server with Nexus Repository Manager staging, IQ Server does have the ability to Fail or Warn on staging closure. This is managed by setting the Stage Release and Release actions for each policy. These policy actions can be set to warn, fail, or take no action (default). The figure below provides an example policy that would warn for a staging deployment and fail a release.
The configuration of the Stage Release action is used for closing the staging repository. Based on the action chosen, the staging repository responds to policy violations as follows:
For more information on setting these actions see the Actions section in the Basic Policy Management chapter.
Nexus Repository Manager also has actions specific to the Release feature. These can be configured to fail, warn, or do nothing, and are used when releasing or promoting the staging repository.
Once the staging profile is configured with the IQ Server application identifier, any deployment triggers an evaluation with IQ Server. The results are visible as Activity for the staging repository as shown in the figure below. Any rule failures are provided with further information in the detail panel. The View Full Report button links back to the detailed Application Composition Report.
The features discussed in the Using Audit & Quarantine section require Nexus Repository Manager Pro and IQ Server with the following licenses: Repository and Firewall.
The Audit and Quarantine features provide a way to protect your development environment from risky or undesirable components. These features use IQ Server policy management to identify, and if desired, prevent a proxy repository from serving unwanted components.
Before activating Audit and Quarantine, there are several items you need to complete:
In Nexus Repository Manager, you need the following privileges to use Audit and Quarantine:
Read privilege for repositories, which lets you view a results column in the Repositories tab.
For information on assigning privileges, see the Managing Privileges section in the Nexus Repository Manager book.
Once these items are completed, you are ready to configure Audit and Quarantine and view audit results. Each of these actions is described below in more detail.
You configure the Audit and Quarantine features by adding them to Nexus Repository Manager as a plug-in capability.
To configure Audit and Quarantine:
Configure Settings as follows:
At this point, an audit of the selected repository is automatically started. Nexus Repository Manager contacts IQ Server and evaluates the components within the selected repository against any associated policy. The results are displayed in Repository Results, which is described in the next section.
To successfully quarantine components when the Quarantine feature is enabled, the policy used to evaluate components must be configured to fail when policy violations occur at the proxy stage in the development lifecycle. If the policy is set to warn (rather than fail), the quarantining of components will not occur. For more information about setting policy and the proxy stage, see the Basic Policy Management chapter.
After the IQ: Audit and Quarantine capability is added, it appears on the Capabilities tab in Nexus Repository Manager as shown in the figure below.
To disable Audit and/or Quarantine:
Click the Settings tab of the IQ: Audit and Quarantine capability and set the following attributes:
Click the Enabled check box to deselect it and disable the Audit feature.
When you disable the IQ: Audit and Quarantine capability, Quarantine is also disabled.
Click the Quarantine check box to deselect it and disable only the Quarantine feature.
When Quarantine is disabled, all quarantined components are made available for download from your proxy repository. This remains true if you re-enable Quarantine. That is, any previously quarantined components are not quarantined again; only new components are evaluated for quarantine when you re-enable the Quarantine feature.
When a component is quarantined due to a violation, it is not available for download from the proxy repository. You must first resolve the violation(s) that caused the quarantine before releasing the component and making it downloadable. For information on resolving violations from labels, security vulnerabilities, or license issues, see the Application Composition Report chapter. For information on waiving policy violations, see the Waiving Repository Policy Violations section of this chapter. Once the violations are resolved, you can proceed with releasing a component from quarantine.
To release a component from quarantine:
Once a component is released from quarantine, it cannot be put back into quarantine even if it has subsequent policy violations. If you want to re-quarantine a component, you must delete the component from its repository. The component will be quarantined again if, during an audit, it violates a policy that is set to Fail at the Proxy stage.
To re-enable Audit and/or Quarantine:
Click the Settings tab of the IQ: Audit and Quarantine capability and set the following attributes:
Click the Quarantine check box to enable the Quarantine feature.
Any previously quarantined components are not quarantined again even though they were quarantined in the past. Only new components are evaluated for quarantine when the Quarantine feature is re-enabled.
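The quarantine rules stated in the notes above (fail versus warn at the proxy stage, disabling, releasing, deleting and re-enabling), as an added model that is not Sonatype code and does not call any IQ Server or Nexus Repository Manager API. The class, method and component names are hypothetical and the sample components are constructed; the model tracks which policy-violating components the proxy would still serve after each administrative action.

```python
from dataclasses import dataclass, field

@dataclass
class ProxyRepoModel:  # hypothetical model, not a product API
    proxy_action: str = "fail"   # policy action at the proxy stage: fail / warn / none
    quarantine_on: bool = True
    audited: dict = field(default_factory=dict)    # component -> violates policy?
    quarantined: set = field(default_factory=set)

    def audit(self, component, violates):
        """Audit a component; only one not seen before can enter quarantine."""
        is_new = component not in self.audited
        self.audited[component] = violates
        if is_new and violates and self.quarantine_on and self.proxy_action == "fail":
            self.quarantined.add(component)

    def release(self, component):
        self.quarantined.discard(component)   # still known, so never re-quarantined

    def delete(self, component):
        self.audited.pop(component, None)     # forgetting it makes it "new" again
        self.quarantined.discard(component)

    def set_quarantine(self, enabled):
        if not enabled:
            self.quarantined.clear()          # disabling releases everything held
        self.quarantine_on = enabled

    def exposed(self):
        """Violating components the proxy would still serve."""
        return sorted(c for c, bad in self.audited.items()
                      if bad and c not in self.quarantined)

def walk_through():
    repo, steps = ProxyRepoModel(), []
    repo.audit("lib-a:1.0", True)      # constructed sample; fail at proxy: held
    steps.append(repo.exposed())
    repo.proxy_action = "warn"
    repo.audit("lib-b:1.0", True)      # warn: served despite the violation
    steps.append(repo.exposed())
    repo.proxy_action = "fail"
    repo.set_quarantine(False)         # lib-a becomes downloadable
    repo.set_quarantine(True)
    repo.audit("lib-a:1.0", True)      # re-audit, not new: still served
    repo.audit("lib-c:1.0", True)      # new after re-enable: held
    steps.append(repo.exposed())
    repo.delete("lib-a:1.0")
    repo.audit("lib-a:1.0", True)      # deleted, then fetched again: held
    steps.append(repo.exposed())
    return steps
```
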
Once the Audit and Quarantine features are enabled, whenever you add a component to a proxy repository (or delete one), Nexus Repository Manager contacts IQ Server to evaluate the components within the proxy repository against any associated policy. The IQ Policy Violations are summarized in Nexus Repository Manager and detailed in IQ Server.
In Nexus Repository Manager:
The results of an audit are summarized in the IQ Policy Violations column of the Repositories tab as shown in the figure below.
The IQ Policy Violations column includes the following items:
The IQ Policy Violations column will also alert you if there are any errors in the audit and quarantine process. If there is an error, for example if Nexus Repository Manager cannot communicate with IQ Server, a red exclamation mark will appear to the right of the Repository Results link along with text pertinent to the error that occurred. Additional information will be available in the Nexus Repository Manager logs.
If you have permissions to add capabilities in Nexus Repository Manager, then you can also access Repository Results from the Capabilities tab:
Both methods open Repository Results on IQ Server. To learn more about the details displayed in the Repository Results, see Understanding Repository Results.