IQ for Visual Studio

Visual Studio is a full-featured IDE. IQ for Visual Studio provides component analysis for the Community, Professional, and Enterprise versions of Visual Studio.

Installing IQ for Visual Studio

IQ for Visual Studio can be installed from within Visual Studio using the Extensions manager or via the Microsoft Visual Studio Marketplace.

Configuring IQ for Visual Studio

IQ Server options are available from within the Visual Studio Options dialog. A URL, Username, and Password can be entered at any time and an Application may be chosen for each solution when opened. The Verify button can be used to verify the connection if a solution is not opened, whereas the Reload button will load available applications when a solution is opened.

Starting with version 1.3.0, the plugin supports certificate authentication.

Clicking the Select button, next to the Certificate field, will open a security dialog. Selecting a certificate clears the typed credentials, and the certificate is then used for authentication. To revert to typed credentials, fill in the Username and Password fields.

The Windows Security prompt displays options from the Personal Certificates store. This store is managed using MMC and the Certificates Snap-In. To provide additional choices, right-click the Certificates folder and follow the prompts to install a certificate. Note: Ensure the Trusted Root Certification Authorities store contains a record for the IQ reverse proxy.

After clicking Verify and confirming that a successful connection can be made, select an application from the dropdown and restart Visual Studio. When Visual Studio and the IQ plugin are reopened, a certificate prompt opens to re-establish a secure connection.
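The two store checks described above can also be done from PowerShell instead of MMC. The following is an added example, not part of the product documentation: the function names are hypothetical, it assumes the current-user stores are the ones the prompt reads, and it expects an exported copy of the reverse proxy's certificate at a placeholder path.

```powershell
# Added example (not from the IQ documentation). Function names are hypothetical.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Get-ClientAuthCandidate {
    # Lists Personal-store certificates that can be used for TLS client
    # authentication: private key present, inside validity period, and an
    # EKU that permits client authentication.
    param([string]$StorePath = 'Cert:\CurrentUser\My')   # assumption: current user
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        # A certificate without an EKU extension is not restricted by purpose.
        $ekuOk = (-not $eku) -or
                 (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ClientAuthOid)
        if ($cert.HasPrivateKey -and $ekuOk -and
            $cert.NotBefore -le $now -and $cert.NotAfter -gt $now) {
            $cert | Select-Object Subject, Issuer, Thumbprint, NotAfter
        }
    }
}

function Test-ProxyCertificateTrust {
    # Builds the chain for an exported copy (.cer) of the reverse proxy's
    # certificate and reports whether it ends in a trusted root.
    param([Parameter(Mandatory)][string]$CertificatePath)
    $path  = (Resolve-Path -Path $CertificatePath).Path
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust check only; runs offline
    $trusted = $chain.Build($cert)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Trusted        = $trusted
        ChainEndsAt    = $root.Subject
        RootThumbprint = $root.Thumbprint
        # Empty when the chain is valid; 'UntrustedRoot' means the root is
        # missing from the Trusted Root Certification Authorities store.
        Status         = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Get-ClientAuthCandidate | Format-Table -AutoSize
# Placeholder path; export the proxy certificate first:
# Test-ProxyCertificateTrust -CertificatePath 'C:\path\to\iq-proxy.cer'
```

An empty list from the first function means the Windows Security prompt has no usable certificate to offer; a `Status` of `UntrustedRoot` from the second points at the missing root record mentioned in the note above.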

Using IQ for Visual Studio

The IQ for Visual Studio tool window can be accessed by clicking the Nexus IQ tab on the bottom tool strip of Visual Studio. If not accessible from there, it should also be available in View under Other Windows. Once configured and the component analysis is completed, a component view will look similar to the example displayed below. Component details are available by double-clicking on the component name in the Component list or via the View Details button in the component view once you have selected a component.

If you have selected a component with some threats (as above), you can select other versions in the Version Graph and then click View Details to find remediation options. Alternatively, IQ may present a recommended version which you can select and which will update the version graph.

When you select one of the recommended version links, or if you click on any of the versions in the Version Graph, the "Migrate to Selected" button will become enabled.

Clicking this button will update all projects where this component was present and migrate to the version you selected.

Please go to the Component Info View page to find more details on the available information and how it can be used to remediate policy violations.

Limitations

Projects created using the PackageReference format (as opposed to the older packages.config format) can be scanned, and individual dependencies can be remediated. However, due to a NuGet limitation, we are not able to automatically detect changes in the dependencies, so users will need to rescan manually.