Documentation Nexus IQ Server 1.34

Our documentation site has moved. For the most current version, please see Nexus IQ Server Documentation.


Sonatype, Inc.
Bruce Mayhew, Manfred Moser, Kelly Robinson, Ann Rollo, Jeff Wayman, Justin Young, Brianne Strozewski

1. How to Use This Book
3. Requirements
3.1. Nexus Solutions
3.2. Installation Requirements
3.2.1. IQ Server
3.2.2. IQ Server Web Application
3.2.3. REST API Versioning
3.2.4. Nexus IQ CLI
3.2.5. Sonatype CLM for Eclipse Requirements
3.2.6. IQ for IDEA Requirements
3.2.7. IQ for Visual Studio Requirements
3.2.8. Nexus IQ for Bamboo Requirements
3.2.9. Sonatype CLM for Hudson / Jenkins Requirements
3.2.10. Sonatype CLM for Maven Requirements
3.2.11. Sonatype CLM for Nexus Pro Requirements
3.2.12. Sonatype CLM for SonarQube Requirements
3.2.13. JIRA Notifications Requirements
4. Quick Start Guide - Nexus Firewall
5. Quick Start Guide - Nexus Lifecycle
6. IQ Server Setup
6.1. Installation
6.1.1. Starting the IQ Server
6.1.2. License Installation
6.1.3. IQ Server Directories
6.1.4. Running the IQ Server as a Service
6.2. Advanced Configuration
6.2.1. Initial Configuration of the IQ Server
6.2.2. Running the IQ Server Behind a HTTP Proxy Server
6.2.3. Setting the Base URL
6.2.4. Reverse Proxy Authentication
6.2.5. Appending a User Agent String
6.2.6. File Configuration
6.2.7. Email Configuration
6.2.8. Logging Configuration
6.2.9. HTTP Configuration
6.2.10. HTTPS/SSL
6.2.11. Anonymous Access
6.2.12. CSRF Protection
6.3. Backing Up the IQ Server
6.4. Upgrading the IQ Server
6.4.1. Upgrading from Version 1.17 or Earlier to Version 1.18 or Later
6.4.2. Upgrading from Version 1.15 or Earlier to Version 1.23 or Later
6.4.3. Upgrading from Version 1.16 or Earlier
6.4.4. Upgrading from Versions Earlier than 1.9.x
7. Security Administration
7.1. Logging In
7.2. Product Notifications
7.3. User Management
7.3.1. Changing the Admin Account Password
7.3.2. Creating a User
7.3.3. Editing and Deleting User Information
7.4. LDAP Integration
7.4.1. Configuring LDAP Server Connection
7.4.2. LDAP Configuration Parameters
7.4.3. Mapping LDAP Users
7.4.4. LDAP User Parameters
7.4.5. Mapping LDAP Groups
7.4.6. LDAP Group Parameters
Static Groups
Dynamic Groups
7.4.7. Verifying LDAP Configuration
Test Connection
Check User and Group Mapping
Check Login
7.4.8. Reordering LDAP Servers
7.5. Role Management
7.5.1. Viewing Built-in Roles
7.5.2. Viewing Permissions of Built-in Roles
7.5.3. Understanding the Importance of Hierarchy
7.5.4. Managing Administrator Roles
Viewing Administrator Roles
Assigning Users to Administrator Roles
7.5.5. Managing Organizational Roles
Viewing Organizational Role Assignments
Assigning Users to Organizational Roles
Editing Organizational Role Assignments
Removing Organizational Role Assignments
7.5.6. Creating Custom Roles
7.5.7. Assigning Groups to Roles without Searching
7.5.8. Viewing Role Assignments
8. Organization and Application Management
8.1. Hierarchy
8.2. Inheritance
8.3. Applications, Evaluations, and Reports
8.4. The Root Organization
8.4.1. Configuring the Root Organization
8.4.2. Creating the Root Organization
8.5. Viewing the Root Organization
8.6. Creating an Organization
8.7. Editing an Organization
8.8. Deleting an Organization
8.9. Creating an Application
8.10. Editing an Application
8.10.1. Selecting an Application Contact
8.10.2. Removing an Application Contact
8.10.3. Copying the Application ID to Clipboard
8.10.4. Changing an Application ID
8.11. Moving an Application
8.12. Deleting an Application
8.13. Viewing Organizations and Applications
8.14. Managing Organizations and Applications
9. Basic Policy Management
9.1. What is a Policy?
9.2. Getting Started with Policies
9.2.1. Downloading the Sample Policy Set
9.2.2. Importing Policies
9.3. Viewing Policies
9.4. Creating Policies
9.5. Editing Policies
9.6. Deleting Policies
9.7. Understanding the Parts of a Policy
9.7.1. Policy Name
9.7.2. Threat Level
9.7.3. Inheritance
9.7.4. Constraints and Conditions
9.7.5. Actions
9.7.6. Notifications
9.7.7. JIRA Notifications
9.8. Continuous Monitoring of Applications
9.9. Proprietary Component Configuration
10. Advanced Policy Management
10.1. Component Labels
10.1.1. Viewing a Component Label
10.1.2. Creating a Component Label
10.1.3. Editing a Component Label
10.1.4. Deleting a Component Label
10.2. License Threat Groups
10.2.1. Viewing a License Threat Group
10.2.2. Creating a License Threat Group
10.2.3. Editing a License Threat Group
10.2.4. Deleting a License Threat Group
10.3. Application Categories
10.3.1. Creating Application Categories
10.3.2. Editing an Application Category
10.3.3. Deleting an Application Category
10.3.4. Assigning an Application Category
10.4. Manual Application Evaluation
11. The Dashboard
11.1. Using the Dashboard
11.2. Filters
11.3. Results
11.3.1. Policy Violation Trends
11.3.2. Violations
11.3.3. Components
11.3.4. Applications
11.4. Viewing Component Details
11.5. Exporting Results
12. The Application Composition Report
12.1. Accessing an Application Composition Report
12.2. Reviewing a Report
12.2.1. Summary Tab
12.2.2. Policy Violations Tab
12.2.3. Security Issues Tab
12.2.4. License Analysis Tab
12.3. Printing and Reevaluating the Report
12.4. The Component Information Panel (CIP)
12.5. Resolving Security Issues
12.5.1. Security Issues
12.5.2. The Component Information Panel (CIP)
12.5.3. Editing Vulnerability Status
12.5.4. Matching to Violations
12.6. License Analysis Tab
12.6.1. License Threat Group
12.6.2. License Analysis
12.6.3. The Component Information Panel (CIP)
12.6.4. Editing License Status and Information
12.7. Component Identification
12.7.1. Matching Components
12.7.2. Managing Proprietary Components
12.7.3. Claiming a Component
12.8. Component Label Overview
12.8.1. Where do component labels begin?
12.8.2. Assigning a Label
12.9. Waivers
12.9.1. A Use Case for Waivers
12.9.2. Adding a Waiver
12.9.3. Viewing and Removing a Waiver
12.10. Policy Reevaluation
12.11. PDF Report
12.11.1. Creating the PDF
12.11.2. Reviewing the PDF
13. Success Metrics
14. Sonatype CLM and Repository Management
15. IQ for Nexus Repository Manager
15.1. Integrating Nexus Repository Manager 2.x and IQ Server
15.1.1. Connecting to IQ Server
15.1.2. Viewing Component Information
15.1.3. Component Details
15.1.4. Using Staging to Control Releases
Staging Profile Configuration
Policy Actions for Staging
Policy Actions for Release Repositories
15.1.5. Using Audit and Quarantine
Configuring Audit and Quarantine
Disabling Audit and/or Quarantine
Releasing a Component from Quarantine
Re-enabling Audit and/or Quarantine
Viewing Repository Results
15.2. Integrating Nexus Repository Manager 3.x and IQ Server
15.2.1. Connecting to IQ Server
15.2.2. Viewing Component and Assets Information
15.2.3. Using Audit and Quarantine
Configuring Audit and Quarantine
Disabling Audit and/or Quarantine
Releasing a Component from Quarantine
Viewing Repository Results
Granting Privileges to View Audit and Quarantine Summary Results
15.3. Understanding Repository Results
15.3.1. Using the Component Information Panel (CIP)
15.3.2. Waiving Repository Policy Violations
15.4. Managing Repositories
15.5. Managing User Roles
15.6. Removing a Repository in IQ Server
16. Sonatype CLM and Continuous Integration
17. Nexus IQ for Bamboo
17.1. Install Nexus IQ for Bamboo
17.2. Configure Nexus IQ for Bamboo
17.3. Adding the IQ Analysis Task
17.4. Reviewing IQ Policy Results
18. Nexus IQ for Hudson/Jenkins
18.1. Plugin Selection
18.2. Integrating Nexus IQ for Hudson/Jenkins 1.x
18.2.1. Installation
18.2.2. Global Configuration
18.2.3. Job Configuration
18.3. Integrating Nexus IQ for Jenkins 2.x
18.3.1. Installation
18.3.2. Global Configuration
18.3.3. Job Configuration
Freestyle or Multi-Configuration Projects
Pipeline Projects
Return Value from Pipeline Build
Docker Images
18.4. Inspecting Results
19. IQ Server and IDEs
20. Sonatype CLM for Eclipse
20.1. Installing Sonatype CLM for Eclipse
20.2. Configuring Sonatype CLM for Eclipse
20.3. Using the Component Info View
20.4. Filtering the Component List
20.5. Searching for Component Usages
20.6. Inspecting Component Details
20.7. Migrating to Different Component Versions
21. IQ for IDEA
21.1. Installing IQ for IDEA
21.2. Configuring IQ for IDEA
21.3. Using the Component Info View
22. IQ for Visual Studio
22.1. Installing IQ for Visual Studio
22.2. Configuring IQ for Visual Studio
22.3. Using IQ for Visual Studio
23. Sonatype CLM for SonarQube
23.1. Installation
23.2. Configuration
23.3. Select the CLM Application
23.4. Add and Configure the Sonatype CLM Widget
23.5. Accessing the Application Composition Report
24. Nexus IQ CLI
24.1. Downloading the Nexus IQ CLI
24.2. Locating Your Application ID
24.3. Evaluating an Application
24.3.1. Additional Parameters
24.3.2. Loading Parameters from a File
24.4. Example Evaluation
24.5. Using the Nexus IQ CLI with a CI Server
25. Sonatype CLM for Maven
25.1. Evaluating Project Components with Sonatype CLM Server
25.1.1. Authentication
25.1.2. Simplifying Command Line Invocations
25.1.3. Skipping Executions
25.2. Creating a Component Index
25.2.1. Excluding Module Information Files in Continuous Integration Tools
25.3. Creating a Component Info Archive for Nexus Pro CLM Edition
25.4. Using Sonatype CLM for Maven with Other IDEs
25.4.1. Maven Plugin Setup
25.4.2. IntelliJ IDEA
25.4.3. NetBeans IDE
26.1. Component Search REST APIs (v2)
26.2. Component Details API (v2)
26.3. Component Evaluation REST APIs (v2)
26.4. Application REST APIs (v2)
26.4.1. Deleting an Application
26.5. Violation REST API (v2)
26.6. Report-related REST APIs (v2)
26.7. Accessing REST APIs via Reverse Proxy Authentication
27. Webhooks
27.1. Using Webhooks
27.2. Configuring Webhooks
27.2.1. Creating Webhooks
27.2.2. Editing Webhooks
27.2.3. Deleting Webhooks
27.3. Working with HMAC Payloads
27.4. Example Headers and Payloads
27.4.1. Policy Management Event
27.4.2. Application Evaluation Event
27.4.3. Security Vulnerability Override Management Event
27.4.4. License Override Management Event
A. Copyright