IQ Server and IDEs
What is a Nexus IQ IDE Integration?
Nexus IQ Server integrations for Integrated Development Environments (IDEs) provide development teams with direct access to Sonatype's comprehensive component intelligence. Developers can quickly vet components used in an application against their organization's open source policies, greatly reducing time wasted with complicated and exhaustive research.
Who is it for?
From an organizational perspective, IDE integration allows administrators to communicate software quality expectations early on in the software development life cycle (SDLC).
For developers, Nexus IQ Server IDE integrations are designed to work in an environment they're familiar with. Immediate feedback on component quality, including architectural, licensing, and security information, is available right in the IDE allowing for informed decisions about component selection. This means developers can proactively make changes and choose better components before any build warnings or failures.
For example, an administrator sets an organization's policy in the IQ Server. A developer working in an IDE is then able to see which components within their project are violating a policy. The developer can use this information to investigate, fix, or triage policy violations prior to build time.
How does it work?
The Nexus IQ Server acts as the brain for an organization implementing component lifecycle management. There, users will find a platform that provides functionality for managing policy, reviewing component and application information, and evaluating applications and repositories¹. The Nexus IQ Server has several integration points, including repository managers, IDEs, continuous integration servers, and monitoring services for production applications.
IDEs are powerful because they show code hints and code style guidelines allowing developers to fix code and triage if issues are identified. Similarly, a Nexus IQ IDE integration lets developers investigate and fix policy violations. If company policy is violated for any dependencies, the violation can be easily identified and remediated. This could be as simple as changing the version of the component, or if necessary, changing the component used. If the new version has the same API as the previous component, simply run unit and integration tests and make sure everything passes to successfully remediate the policy violation before it gets further along in the SDLC — all without leaving the IDE.
Why should I use it?
Integrating Nexus IQ Server with an IDE helps push decision making into the developer's hands ensuring that components selected for use in an application match company expectations. Developers will see security, license, and other quality information for components before development even begins, and also have access to that data for direct and transitive components used within development projects. This reduces tedious, manual research requirements and provides developers with the ability to make better choices early, saving time further down the life cycle.