Skip to main content

Config YAML


Setting the baseUrl is required for all notifications, the Jira plugin, and SCM integrations.

Set using the Configuration REST API or in the Lifecycle UI.


The IQ Server is an application built on top of a Dropwizard webserver. The configuration file is the YAML formatted config.yml. By default, config.yml is located in the IQ server installation directory, i.e. the same folder that contains the IQ Server .jar file.

There are some configuration options that can only be changed from inside config.yml or using the Configuration REST API. Other options are found in the System Preferences section of the IQ Server browser UI accessed by clicking on the System Preferences icon in the top right of the IQ Server header (sytem preferences cogwheel).


Considerations before editing the config.yml.

  • TAB characters are not supported. Use space characters only for indenting.

  • The YAML (.yml) structure is tree-like. Space indents define the hierarchy.

  • Indented lines are child options of the outdented line preceding them.

  • Comments beginning with the # character are ignored by the parser.


If the config.yml file is not properly formatted, then IQ Server will not start. If you suspect that a badly formatted config.yml is the root cause, then open a terminal, navigate to the installation directory, and attempt to start the server with the demo.bat or ./ commands.

Below is an example error from a Windows machine.

ERROR [2022-03-01 11:08:48,052] com.sonatype.insight.brain.service.InsightBrainService: Fatal error trying to start server
! org.yaml.snakeyaml.scanner.ScannerException: while scanning for the next token
! found character '\t(TAB)' that cannot start any token. (Do not use \t(TAB) for indentation)
!  in 'reader', line 21, column 1:

If you're unable to reformat the config.yml to correct the issue:

  1. Remove the config.yml file from your installation directory and save it somewhere locally. You may consider renaming it.

  2. Download the latest IQ .zip or .tar.gz.

  3. Open the package and locate the config.yml file.

  4. Move the config.yml file from the package into your installation directory.

  5. Diff your previous config.yml file to the new one and update any default options you've changed.

This process will reset any changes you've made to config.yml. Save your original config.yml and diff with the new file to ensure that your options carry over.


See the Advanced Server Configuration for Java Overrides and configuration with Environment Variables


The config.yml is annotated in line with the default configuration. Configurations labeled with an 'Obsolete' version should set the configuration using the Configuration REST API which is stored in the server's database.





Directory for data files.

The default value is './sonatype-work/clm-server'


Path to a license file to automatically install if unlicensed. Disabled by default.


Sample data is created for new installs.



Base URL of the IQ Server for user-facing links back to the server. Required for Email, SCM, and Jira integrations.



Whether or not certain redirects and services are forced to use the configured baseUrl.



Hour of the day (0-23) to schedule Policy Monitoring execution. The default is set to '0' for midnight.



Enables/disables cross-site request forgery protection. Defaults to 'true' for increased security.



A custom fragment to add to the "user-agent" for HTTP calls



The passphrase used to encrypt the Webhook Secret Keys



Configures the number of threads used for the EventBus.

The EventBus is used to asynchronously post various events (e.g. policy evaluation, entity management, license/security vulnerability overrides, etc). These events can then be consumed by various services (e.g. webhooks, source control, etc).

via the new name eventBus.maxThreadPoolSize