Documentation Nexus IQ Server 1.24

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

22.3. Evaluating an Application

Now that you have the Nexus IQ CLI set up, you are ready to evaluate an application. The application can be an archive file, a directory containing such archives or a Docker image. For Docker images, a Twistlock environment is required.

As a Java application, it can be started using the java command, and adding the necessary parameters. The syntax below represents the minimum set of options required to evaluate an application.

If the application is an archive or directory:

java -jar [scanner jar] -i [application id] -s [server URL] [target]

If the application is a Docker image:

java -cp [scanner jar] com.sonatype.insight.scan.cli.TwistlockPolicyEvaluatorCli -i [application id] -s [server URL] --twistlock-scanner-executable [Twistlock scanner executable] --twistlock-console-url [Twistlock console URL] --twistlock-console-username [Twistlock console username] --twistlock-console-password [Twistlock console password] [target]
scanner jar
This is the path to the Nexus IQ CLI jar file e.g. ./nexus-iq-cli-1.24.0.jar.
--authentication
Using the switch -a, enter the user name:password (e.g. MyUserName:MyUserPassword).
[Note]

Authentication will permit (or prevent) the ability to submit an application for evaluation, as well as retrieve the summary results and URL. At this time authentication is required.

--application-id
Using the switch -i, enter the application id for your application (see instructions above).
--server-url
Using the switch -s enter the location of your IQ Server (e.g. http://localhost:8070).
Target
This is the path to a specific application archive file, a directory containing such archives or the ID of a Docker image. For archives, a number of formats are supported, including jar, war, ear, tar, tar.gz, zip and many others.
--twistlock-scanner-executable
The path to the Twistlock scanner binary, e.g. twistlock-1-5-47/twistlock-scanner
--twistlock-console-url
The URL for the Twistlock console, e.g. https://localhost:8083
--twistlock-console-username
The user name used to connect to the Twistlock console.
--twistlock-console-password
The password for the user name used to connect to the Twistlock console.
[Tip]

Listed in the options below, you can specify the specific stage. However, if you do not include this option the system will default to the Build stage.

22.3.1. Additional Options

There are several additional options that can be used in the construction of the syntax for evaluating an application with the Nexus IQ CLI.

--fail-on-policy-warnings
using the switch -w will cause a failure of the evaluation if any warnings are encountered. By default, this is set to false.
--ignore-system-errors
Using the switch -e, allows you to ignore any system errors (e.g. IO, Network, server, etc.). This is most helpful when using the Nexus IQ CLI with continuous integration servers, as these errors can cause the unintentional failure of a build.
--proxy
Using the switch -p, you can specify a proxy to use in connecting to the IQ Server. The format is <host[:port]>.
--proxy-user
Using the switch -U, you can specify credentials for the proxy. The format is <username:password>.
--result-file
Using the switch -r, you can specify the name and location of a JSON file that will store the results of the policy evaluation in a machine-readable format.
--stage
Using the switch -t, you can specify the stage you wish the report to be associated with. This is an optional parameter, and if it is not specified, the report will be associated with the Build stage by default.
[Note]

At this time only the Build, Stage Release, and Release stages will display a report in the IQ Server Reports area. For a full list of stages, use the CLI help provided with the tool.