IQ for IDEA
IntelliJ IDEA is a full featured IDE used for Java development. IQ for IDEA provides component analysis for both the Community and Ultimate edition of IntelliJ IDEA.
Installing IQ for IDEA
Plugin Download Link - Note the plugin is not available on the IDEA Marketplace
IQ for IDEA supports installation via a zip file from disk. Installation is performed similarly to other plugins, using the Settings/Preferences dialog. Click on Plugins from the left hand pane to expose the option to install plugin from disk. From there, browse to the plugin zip file and select it.
Remember to restart IntelliJ IDEA before continuing to access the plugin.
Configuring IQ for IDEA
After the successful installation of IQ for IDEA, the plugin must be configured to connect to IQ Server. The configuration can be accessed via the Settings/Preferences dialog. Expanding Other Settings in the left hand pane will reveal Nexus IQ. Click on Nexus IQ to set up the plugin for IQ Server.
- Server URL: Enter the url of IQ Server
- Authentication Method:
- PKI Authentication: Delegate authentication to the JVM.
User Authentication: Enter the username and password your IQ Server Administrator has assigned you.
You will be prompted for your Master Password (or to set up a Master Password) when saving the Preferences/Settings. This allows IDEA to store your IQ Server password securely.
Once the IQ Server information is provided, click Connect to verify the connection to IQ Server. Next, select an Application from the dropdown to run policy against.
Using the Component Info View
The IQ for IDEA tool window can be accessed by clicking the Nexus IQ tab on the bottom tool strip of IDEA. If not accessible from there, it should also be available in View under Tool Windows. Once configured and the component analysis is completed a component view will look similar to the example is shown in the image below. The list of components will reflect an analysis of the project’s libraries.
By default, all project libraries are included in the list. Filters can be applied to adjust which libraries are included by scope: Compile, Test, Runtime, and Provided.
Right clicking on any component will bring up a menu of actions. Maven projects should allow for the following: View Details, Find Usages, and Open Maven POM.
- View Details will open the details screen providing more context to the component.
- Find Usages will bring up a list of every module the component is used in. Clicking on a module will bring up the location in the Maven POM where the component is declared.
- Open Maven POM will open the Maven POM of the component selected.
Please go to the Component Info View page to find more details on the available information and how it can be used to remediate policy violations.
Migrating to Different Component Versions
If you determine that a component upgrade is required to avoid a security or license issue or a policy violation, after reviewing your component usage, IQ for IDEA can be used to assist you in the necessary refactoring.
The first step to start the migration is to select a newer version for the component in the visualization chart, or by selecting the recommended version. An example is displayed in the image below:
Once you have selected a different version than the one currently used, the Migrate button will become active. Pressing the button completes the migration from the current component version to the selected component version, by updating the component version in the relevant project POM files. The migration process is able to detect circumstances such as the component being a transitive dependency or versions managed in a property.
After the migration is completed, the component list will be updated and a component scan will be initiated. You should perform a full build, as well as a thorough test, to determine that you can proceed with the new version in your development.
Typically, smaller version changes will have a higher chance of working without any major refactorings, or adaptations, of your code base and projects, while larger version changes potentially give you more new features or bug fixes.
Your release cycle, customer demands, productions issues, and other influencing factors will determine your version upgrade choices. You might decide a multi-step approach, where you do a small version upgrade immediately to resolve current issues and then work on the larger upgrade subsequently to get the benefits of using a newer version. Or, you might be okay with doing an upgrade to the latest available version straight away. Potentially, a combination of approaches in different branches of your source code management system is used to figure out the best way of going forward with the upgrade.
IQ for IDEA and other tools of the IQ Server suite can assist you through the process of upgrading, as well as monitoring, the applications after upgrade completion.