Policy Compliant Component Selection
NEXT-GEN FIREWALL
This feature is only available for npm repositories
Prerequisites
The prerequisites for using this feature have changed.
- IQ Server version 134+
- Nexus Repository Manager Pro 3.38.1+
- An npm repository
- Firewall License
Enabling this feature without Nexus Repository Manager Pro 3.38.1+ or IQ Server 134+ can cause performance issues. For more information, contact Sonatype Technical Support.
Summary
In most ecosystems, a dependency list can request the latest version of a package or a range of acceptable versions. When a dependency accepts multiple versions, Nexus Firewall audits every version of the package that satisfies the request and quarantines the versions that do not meet your organization's policy. Nexus Repository Manager then serves the most recent policy compliant version of that package instead of blocking the request because the newest version is quarantined. This makes component requests more reliable for applications that use version ranges or request the latest version of a component.
Configuration
To enable Policy Compliant Component Selection:
- Navigate to Nexus Repository Manager Pro
- Select the Server Administration and Settings Cog
- Select Repositories
- Select the desired repository
- Check Remove Quarantined Versions
- Click Save
See the documentation for the Remove Quarantined Versions option for more information on what it does.
Usage
This feature runs automatically whenever an application requests components from a quarantine enabled repository.
Auditing every version of each requested component greatly increases the number of packages checked before a download is served, so dependency install times can increase noticeably.
The list of audited and quarantined components is available in the IQ Server Repository Results screen. See the Reviewing Repository Results page for additional information.
To access results from Nexus Repository Manager Pro:
- Navigate to Nexus Repository Manager Pro
- Select Browse from the sidebar
- Click the link in the IQ Policy Violations column
To access results from IQ Server:
- Navigate to IQ Server
- Log in
- Select Orgs and Policies from the sidebar
- Select Repositories
- Click on the desired repository
- Select Quarantined
To see which component versions were installed, and details of the versions that were quarantined, run npm audit. The output lists every component and identifies the cases where the latest version was not installed.
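The following Node.js script is an added illustration of the selection rule described in the Summary above and of the check described here (comparing what was installed with the newest version a range allows). It is not code from Sonatype, Nexus Repository Manager or IQ Server. The semver handling is a deliberately minimal stand-in for the real npm resolver (it assumes plain x.y.z release versions and only exact, caret and tilde ranges), and every package name, version list, quarantine decision and package-lock.json excerpt is constructed sample data.

```javascript
// Added illustration (not Sonatype code): models how Policy Compliant
// Component Selection picks a version for an npm range, then scans a
// package-lock.json for dependencies that resolved to something older than
// the newest version their declared range allows.

// Parse "MAJOR.MINOR.PATCH" into numbers. Assumption for this illustration:
// only plain release versions, no pre-release or build tags.
function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  return pa.major - pb.major || pa.minor - pb.minor || pa.patch - pb.patch;
}

// Minimal range check covering what npm writes by default:
//   "^x.y.z"  same major (same minor too when major is 0), >= x.y.z
//   "~x.y.z"  same major.minor, >= x.y.z
//   "x.y.z"   exact match; "*" / "latest" accept anything.
function satisfies(version, range) {
  if (range === '*' || range === 'latest') return true;
  const op = range[0];
  const base = op === '^' || op === '~' ? range.slice(1) : range;
  const v = parseVersion(version), b = parseVersion(base);
  if (compareVersions(version, base) < 0) return false;
  if (op === '^') return v.major === b.major && (b.major !== 0 || v.minor === b.minor);
  if (op === '~') return v.major === b.major && v.minor === b.minor;
  return compareVersions(version, base) === 0;
}

// Given the versions published for a package, the requested range and the
// versions IQ Server has quarantined, return the newest version that is both
// in range and not quarantined, or null when every in-range version is
// quarantined (in which case the request cannot be satisfied at all).
function selectCompliantVersion(range, published, quarantined) {
  const blocked = new Set(quarantined);
  const candidates = published
    .filter(v => satisfies(v, range) && !blocked.has(v))
    .sort(compareVersions);
  return candidates.length ? candidates[candidates.length - 1] : null;
}

// Scan a package-lock.json (lockfileVersion 2/3 "packages" map) and report
// direct dependencies whose installed version is older than the newest
// published version that satisfies the declared range. Those entries are the
// ones to look up in the IQ Server Repository Results screen.
function findNonLatestInstalls(lock, rootDeps, published) {
  const report = [];
  for (const [name, range] of Object.entries(rootDeps)) {
    const entry = lock.packages[`node_modules/${name}`];
    if (!entry) continue;
    const newestInRange = selectCompliantVersion(range, published[name] || [], []);
    if (newestInRange && compareVersions(entry.version, newestInRange) < 0) {
      report.push({ name, range, installed: entry.version, newestInRange });
    }
  }
  return report;
}

// Constructed sample data; the package names and quarantine decisions are
// hypothetical and do not describe any real package or policy result.
const PUBLISHED = {
  'alpha-lib': ['1.1.0', '1.2.0', '1.3.0'],
  'beta-lib': ['4.17.19', '4.17.20', '4.17.21'],
};
const QUARANTINED = { 'alpha-lib': ['1.3.0'], 'beta-lib': [] };
const ROOT_DEPS = { 'alpha-lib': '^1.1.0', 'beta-lib': '^4.17.0' };
// Excerpt of a package-lock.json as written after installing through the
// Firewall-enabled repository: alpha-lib landed on 1.2.0 because 1.3.0 was
// quarantined, beta-lib got its newest version.
const LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: ROOT_DEPS },
    'node_modules/alpha-lib': { version: '1.2.0' },
    'node_modules/beta-lib': { version: '4.17.21' },
  },
};

// Usage: show what the repository would serve, then flag non-latest installs.
for (const [name, range] of Object.entries(ROOT_DEPS)) {
  console.log(name, range, '->', selectCompliantVersion(range, PUBLISHED[name], QUARANTINED[name]));
}
console.log(findNonLatestInstalls(LOCK, ROOT_DEPS, PUBLISHED));
```

In a real project, replace the constructed LOCK object with the parsed contents of package-lock.json and the PUBLISHED map with the output of npm view for each dependency; any package the script reports is one whose newer versions were either quarantined or not yet audited, which is exactly the list the Quarantined view in IQ Server explains.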