Nexus Repository 3 Pro Setup

The features discussed in this section require Nexus Repository Pro and IQ Server with the following licenses: Repository and Firewall.


Nexus Firewall uses the Audit and Quarantine capability to protect your development environment from risky or undesirable components. These features use IQ Server policies to identify and prevent a proxy repository from serving unwanted components. This page covers Firewall configuration options in Nexus Repository 3.x Pro. 

Prerequisites

Once these items are completed, you are ready to configure Audit and Quarantine and view audit results. Each of these actions is described below in more detail.

Configure the Audit and Quarantine Capability

To enable Audit and Quarantine in Nexus Repository Manager 3.x, add the capability to the desired repository.

  1. Navigate to Nexus Repository 3.x.
  2. Go to the Administration main menu.
  3. Click Capabilities under System.
  4. Click the Create capability button.
  5. Select IQ: Audit and Quarantine.
  6. Configure the following options:
    1. Ensure the Enable this capability box is checked. It should be checked by default. 
    2. Select a repository to evaluate in the Repository dropdown.
    3. Click the Enable Quarantine for repository checkbox.
      This setting affects only components that are added to the repository after Quarantine is enabled.
      When a component is quarantined, Nexus Repository prevents it from being served from the proxy repository.
  7. Click Create capability to save the new capability for Audit and Quarantine.

An audit of the selected repository will automatically start when this feature is enabled. Nexus Repository contacts IQ Server and evaluates the components within the selected repository against any associated policy.

The results are displayed in Repository Results, which is described in the next section, Understanding Repository Results.

To quarantine components, there must be a policy in IQ Server set to Fail in the Proxy stage. If the policy is set to Warn (rather than Fail), components will not be quarantined. For more information about setting policy and the proxy stage, see Policy Management.

Disabling Audit and/or Quarantine

To disable Audit and/or Quarantine:

  1. In Nexus Repository, go to the Administration main menu and click Capabilities under System.
  2. Click the IQ: Audit and Quarantine capability for a specific repository.
  3. To disable Audit, click the Disable button. Note that Quarantine is disabled as well.
  4. To disable Quarantine only, deselect the Enable Quarantine for Repository check box.

    When Quarantine is disabled, all quarantined components are made available for download from your proxy repository. This remains true even if you re-enable Quarantine: previously quarantined components are not quarantined again. Only new components are evaluated for quarantine when Quarantine is re-enabled.

  5. Click Save to save your changes or click Discard to discard them.

Grant Privileges to View Audit and Quarantine Summary Results

In Nexus Repository 3.x, the "nexus:iq-violation-summary:read" privilege allows you to view audit and quarantine summary results in the IQ Violations column of the Repository view. This privilege is assigned to the Nexus admin role by default. If users are assigned to custom roles, this privilege needs to be added to those roles to view audit and quarantine summary results.

To grant view privileges for audit and quarantine for an existing role:

  1. Go to the Administration menu.
  2. Click Roles from the Security section of the sidebar.
  3. Click on a role from the list.
  4. Move the following privileges from the Available column to the Given column:
    1. nx-repository-view—read
    2. nexus:iq-violation-summary:read
  5. Click Save.

To create a new role with audit and quarantine privileges:

  1. Go to the Administration menu.
  2. Click Roles from the Security section of the sidebar.
  3. Click Create role.
  4. Enter a Role ID, Role name, and Role description.
  5. Move the following privileges from the Available column to the Given column:
    1. nx-repository-view—read
    2. nexus:iq-violation-summary:read
  6. Click Create Role.

For information on assigning privileges, see the Privileges section in Security - Nexus Repository 3.
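The role procedures above can be checked after the fact by auditing which roles actually carry the summary privilege. The following is an added example, not Sonatype code: it assumes the roles have been exported as a JSON list whose objects have `id`, `privileges` and `roles` fields, uses constructed sample roles, and goes beyond the page by also resolving privileges inherited through nested roles.

```python
import json

# Privilege name exactly as quoted on this page.
SUMMARY_PRIV = "nexus:iq-violation-summary:read"

# Constructed sample. The field names (id, privileges, roles) are an
# assumption about the export format, not taken from this page.
SAMPLE_ROLES = json.loads("""
[
  {"id": "admin-role",  "privileges": ["nexus:iq-violation-summary:read"], "roles": []},
  {"id": "sec-review",  "privileges": ["nexus:iq-violation-summary:read"], "roles": []},
  {"id": "release-mgr", "privileges": [], "roles": ["sec-review"]},
  {"id": "developer",   "privileges": [], "roles": []},
  {"id": "loop-a",      "privileges": [], "roles": ["loop-b"]},
  {"id": "loop-b",      "privileges": [], "roles": ["loop-a", "missing-role"]}
]
""")


def effective_privileges(role_id, roles_by_id, _seen=None):
    """Union of a role's own privileges and those of every role it contains.

    Tolerates cycles and references to roles absent from the export.
    """
    seen = set() if _seen is None else _seen
    if role_id in seen or role_id not in roles_by_id:
        return set()
    seen.add(role_id)
    role = roles_by_id[role_id]
    privs = set(role.get("privileges", []))
    for child in role.get("roles", []):
        privs |= effective_privileges(child, roles_by_id, seen)
    return privs


def audit_summary_access(roles, privilege=SUMMARY_PRIV):
    """Split role ids into those that can and cannot view the summary."""
    roles_by_id = {r["id"]: r for r in roles}
    can, cannot = [], []
    for rid in sorted(roles_by_id):
        has = privilege in effective_privileges(rid, roles_by_id)
        (can if has else cannot).append(rid)
    return can, cannot


if __name__ == "__main__":
    can, cannot = audit_summary_access(SAMPLE_ROLES)
    print("can view summary:   ", can)
    print("cannot view summary:", cannot)
```

Roles in the second list see only Audit Enabled or Quarantine Enabled in the Repositories view; roles in the first list are the ones to review against least privilege.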

Viewing Repository Results From Nexus Repository Pro

When you add a component to, or delete a component from, a proxy repository with Audit enabled, Nexus Repository contacts IQ Server to evaluate the components. Components are checked against any associated policies. The IQ Policy Violations are summarized in Nexus Repository and detailed in IQ Server.

In Nexus Repository 3.x, the audit results are summarized in the IQ Policy Violations column of the Repositories view.  This view is located in the Repository sub menu of the Administration menu.

The IQ Policy Violations column includes the following items:

  • A count of components by their highest policy violation level.
  • A count of quarantined components.
  • A link to Repository Results on IQ Server.

The IQ Policy Violations column will also alert you if there are any errors in the audit and quarantine process. If there is an error, a red exclamation mark will appear to the right of the Repository Results along with a description of the error. Additional information will be available in the Nexus Repository logs.

If you do not have permission to view the results summary, the IQ Policy Violations column will only display Audit Enabled or Quarantine Enabled. For more information about this permission, see Grant Privileges to View Audit and Quarantine Summary Results.

You can also access Repository Results from the Capabilities submenu on the Administration menu if you have permission to add capabilities in Nexus Repository:

  1. Navigate to the Capabilities page.
  2. Click IQ: Audit and Quarantine for a specific repository.
  3. Click View Results in the Capabilities / IQ: Audit and Quarantine status section. 

See IQ Server and Repository Results to learn more about the Repository Results.