Plugins for IDEs

What is Sonatype for IDE Integration?

Integrated Development Environments, or IDEs, are the tools where development teams work with their application code. Sonatype integrations for IDEs provide precise open-source intelligence aligned to their organization's requirements and their Application Security team's expectations.

These are the benefits developers can expect from using our Integrations.

  • Immediately identify risks brought in by open-source dependencies

  • See the root cause and full analysis in their environment

  • Quickly identify and upgrade to other versions with less risk

  • Avoid costly rework due to components not being compliant with AppSec requirements

  • Vet new components for risk before becoming dependent on them in their application

  • Secure coding using open-source components

Who is it for?

From an organizational perspective, IDE integration allows administrators to communicate software quality expectations early on in the software development life cycle (SDLC).

For developers, Sonatype (Nexus) IQ Server IDE integrations are designed to work in an environment they're familiar with. Immediate feedback on component quality, including architectural, licensing, and security information, is available right in the IDE, allowing for informed decisions about component selection. This means developers can proactively make changes and choose better components before any build warnings or failures.

For example, an administrator sets an organization's policy in the IQ Server. A developer working in an IDE is then able to see which components within their project are violating a policy. The developer can use this information to investigate, fix, or triage policy violations prior to build time.

How does it work?

The Sonatype (Nexus) IQ Server acts as the brain for an organization implementing component lifecycle management. There, users will find a platform that provides functionality for managing policy, reviewing component and application information, and evaluating applications and repositories. The Sonatype (Nexus) IQ Server has several integration points, including repository managers, IDEs, continuous integration servers, and monitoring services for production applications.

IDEs are powerful because they show code hints and code style guidelines, allowing developers to fix code and triage issues as they are identified. Similarly, a Sonatype (Nexus) IQ IDE integration lets developers investigate and fix policy violations. If any dependency violates company policy, the violation can be easily identified and remediated. This could be as simple as changing the version of the component, or if necessary, changing the component used. If the new version has the same API as the previous component, simply run unit and integration tests and make sure everything passes to successfully remediate the policy violation before it gets further along in the SDLC — all without leaving the IDE.

Why should I use it?

Integrating Sonatype (Nexus) IQ Server with an IDE helps push decision-making into the developer's hands, ensuring that components selected for use in an application match company expectations. Developers will see security, license, and other quality information for components before development even begins, and also have access to that data for direct and transitive components used within development projects. This reduces tedious, manual research requirements and provides developers with the ability to make better choices early, saving time further down the life cycle.

Which IDEs are supported?

Version compatibility and support can be found in the Download and Compatibility documentation.