Nexus Integrations

Sonatype provides a wide range of integrations for Nexus Repository Manager and IQ Server, as well as tempates for various cloud deployments for both products. In general, integrations to Nexus IQ Server require a Lifecycle license, while integrations between Nexus IQ Server and Nexus Repository Manager require either a Lifecycle or Firewall license, and/or Nexus Repository Pro. 


Nexus Integrations Capability Matrix

The following provides a summary view of our current integration offerings with leading DevOps toolchain applications and technology stacks. 


For additional information regarding supported languages and package formats, see:  https://www.sonatype.com/languages-packages

CI/CD Systems


JenkinsAzure DevOpsBambooCircle CI

ServerCloudServerCloudServerData CenterCircle CI

Policy Evaluation

Perform a policy evaluation within build pipeline



Policy Summary

Get policy evaluation summary within build pipeline

Publish to Nexus Repository Manager

Ability to push build artifacts to Nexus Repository manager


Dashboard Widgets

View summary policy evaluation information in graphical form within build pipeline





Build Failure Report

View detailed policy evaluation results within build pipeline

Legend:  = Supported,  = Not Tested, = Community





Source  Control Management (SCM)


Azure DevOpsBitbucketGitHubGitLab

ServicesServerCloudServerData CenterCloudEnterprise CloudEnterprise

Easy SCM Onboarding

Quickly onboarding source repositories into IQ applications.

Build Status

Automated Pull/Merge Requests  

Automatically create pull requests for policy violations on components with suggested remediation.

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

maven, gradle, npm, go

Pull/Merge Request Commenting 

Developer is notified of component issues upon commit to repository. Information is consolidated at Pull/Merge Request level.




Code Insights

Code Insights

Code Commenting

Detailed, line-level information is provided of component issues upon commit to repository. 


Code Insights

Line-level comments in PR Review

maven, gradle, npm, go

Code Insights

Line-level comments in PR Review

maven, gradle, npm, go

Line-level comments in PR Review

maven, gradle, npm, go

Line-level comments in PR Review

maven, gradle, npm, go

Line-level comments in PR Review

maven, gradle, npm, go

Line-level comments in PR Review

maven, gradle, npm, go

CI/CD Integration

Integration with SCM system's build capability

Pipelines

Pipelines

n/an/a

Actions

Pipelines

Pipelines

DepShield 

Free source scanning for public repositories



Legend:  = Supported,  = Not Tested




IDE Integration


EclipseIDEAVisual StudioVS Code

Component Intelligence - Lifecycle Intelligence

View component status within IDE using premium data from Nexus Lifecycle Intelligence

Component Intelligence - OSSIndex

View component status with IDE using data from OSSIndex




Build file formats

Java Classpath

(Maven, Gradle, ...)

Java Classpath, npm

(Maven, Gradle, ...)

NuGet

npm, RubyGems, Go* , R, PyPi

*(Go supports dep and go mod buids, and only on linux)Int

Legend:  = Supported,  = Not Tested,  = Community




Package / Build Tools


MavenGradle

Policy Evaluation

Perform a policy evaluation using standardized build tools

Legend:  = Supported,  = Not Tested,  = Community




Ticketing Systems


Jira

Jira CloudJira ServerJira Data Center
Atlassian Jira Notifications

Jira ticket automatically created upon policy violation



Nexus IQ for Jira 

Jira ticket automatically created upon policy violation,  advanced ability to group tickets via policy or component


Legend:  = Supported,  = Not Tested



--  Icons made by Alfredo Hernandez from Flaticon