Sonatype Nexus IQ plugin
The Release Sonatype Nexus IQ plugin is a Release plugin that enables the evaluation of a binary within the Nexus IQ server.
Place the latest Release Sonatype Nexus IQ plugin jar file under the plugins directory in XLR and restart the XLR server.
Link to download the Sonatype Nexus IQ CLI jar file: NexusIQCLI_jar
This plugin creates the Evaluate Binary task that enables the evaluation of a binary within the Nexus IQ server.
The Sonatype Nexus IQ plugin requires the following:
- A Nexus IQ Server running
- A Sonatype Nexus IQ CLI jar file
To set up a connection to the Nexus IQ server:
- In the top navigation bar, click Settings > Shared configuration
Under configurations, beside Nexusiq: Server, click
- In URL, enter the url where the Nexus Iq server is running
- In Username, enter the username of the server
- In Password, enter the password of the server
- In CLI jar, enter the path of the CLI jar file
- To test the connection, click Test
- To save the configuration, click Save
- Create a folder for sonatype-nexus-iq
- Add a template for the created folder
- In the template, add the Evaluate Binary task which comes under Nexusiq
In the Evaluate Binary task, provide:
- The location of the binary to be evaluated, along with the access username and password for the location if needed
- The name of the Application ID (Public ID)
- The stage of the release to execute the binary
- Create a new release in the template
- Start the release by clicking the Start Release button
- On the completed release, select the Release Dashboard option from the dropdown list in the Show field which is present on the left side of the screen
- Click the Configure Dashboard button on the right side of the screen
- Click the Add Tiles button and add the NexusIQ tile from the available list
- Click the Configure option present in the NexusIQ tile.
- In the Tile Configuration window, select the Nexus Iq server, Application Id, Security level label and click Save
- After clicking the Save button, the NexusIQ dashboard appears on the screen showing the details in the form of a dashboard
To create a report:
- Click Reports
- Go to Release audit report
- Click the button Generate new report
- Select Time period
- Go to Preview results button
- Click the Generate report button
- Download the generated report
- Extract it and verify the extracted reports
On Success: In the extracted folder’s root directory, there is an overall report and you can find reports for individual releases in the reports folder. In individual release reports, for plugins without CoC information, the Security and Compliance tab will not appear; but for plugins with CoC, you can see the tab.
On Failure: The created report for a failed task should show the Compliance check as failed.
Added compatibility with Release 9.6.0