Nexus IQ for Jenkins 2.x evaluates a project workspace for all supported component types, creates a summary file about all the components found, and submits that to the IQ Server. The IQ Server uses that data to produce an analysis with security and license information and sends it back to the Jenkins server. These results are then used to render analysis reports.
![[Note]](images/icons/note.png){kind=icon}
|
|
|
Nexus IQ for Jenkins 2.x is only compatible with Jenkins versions 2.x and above. |
Nexus IQ for Jenkins 2.x is distributed as a Hudson plugin package (.hpi file) and is available for download from Sonatype Support.
To install Nexus IQ for Jenkins 2.x, perform the following steps:
Select Manage Plugins from the list of configuration options.
A message displays on the screen when Nexus IQ for Jenkins 2.x is successfully installed.
Use the following instructions to configure Jenkins to connect to your IQ Server:
In the Sonatype Nexus section, select Nexus IQ Server from the Add Nexus IQ Server dropdown menu and then enter the following:
Credentials: Select the Add button to enter your IQ Server username and password using the Jenkins Provider Credentials: Jenkins modal window. Once added, select your IQ Server username and password from the Credentials dropdown list and click the Test Connection button.
|
|
|
|
Only one IQ Server instance can be configured. |
After a completed installation and global configuration of Jenkins, you are ready to configure a build-step invocation as part of a specific job.
The freestyle build job is a flexible and configurable option, and can be used for any type of project. A multi-configuration build job should be used as a parameterized build job that automatically runs with all the possible acceptable combinations of parameters.
Use the following steps to add a Nexus Policy Evaluation build step to a freestyle or multi-configuration build:
In the Build section of the project configuration screen, click the Add Build Step dropdown button and then select Nexus Policy Evaluation. Enter the following parameters:
Stage: Select Build, Stage Release, Release, or Operate. This controls the stage the policy evaluation is run against on the IQ Server. Only the stages you are licensed to appear in the list.
|
|
|
|
Depending on how your policies are configured, this may impact warning and fail actions. |
Advanced options: A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters are determined by Sonatype support.
Jenkins Pipeline is a suite of plugins that support implementing and integrating continuous delivery pipelines into Jenkins.
For IQ Server, build pipelines allow for policy evaluation at any point during the build, providing a way to gain a bill of materials of components that may not exist during final delivery. In addition, this allows for a policy gate to be set anywhere along the build and delivery process.
Use the following steps to add a Nexus Policy Evaluation build step to a pipeline build:
In the Pipeline section of the project configuration screen, click the Pipeline Syntax link.
In the Steps section of the Snippet Generator window, select the following:
Stage: Select Build, Stage Release, Release, or Operate. This controls the stage the policy evaluation is run against on the IQ Server. Only the stages you are licensed to appear in the list.
|
|
|
|
Depending on how your policies are configured, this may impact warning and fail actions. |
Advanced options: A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters are determined by Sonatype support.
Copy the generated script and paste it into the desired stage of your pipeline script.
An example pipeline script is shown below:
nexusPolicyEvaluation failBuildOnNetworkError: false, iqApplication: 'SampApp', iqStage: 'build', jobCredentialsId: ''
