IQ for Visual Studio

Visual Studio is a full featured IDE. IQ for Visual Studio provides component analysis for both the Community, Professional and Enterprise version of Visual Studio.

Installing IQ for Visual Studio

IQ for Visual Studio can be installed from within Visual Studio using the Extensions manager or via the Microsoft Visual Studio Marketplace.

Configuring IQ for Visual Studio

IQ Server options are available from within the Visual Studio Options dialog. A URL, Username and Password can be entered at any time and an Application may be chosen for each solution when opened. The Verify button can be used to verify the connection if a solution is not opened:

whereas the Reload button will load available applications when a solution is opened.

Using IQ for Visual Studio

The IQ for Visual Studio tool window can be accessed by clicking the Nexus IQ tab on the bottom tool strip of Visual Studio. If not accessible from there, it should also be available in View under Other Windows. Once configured and the component analysis is completed, a component view will look similar to the example displayed below. Component details are available by double clicking on the component name in the Component list or via the View Details button in the component view once you have selected a component.

If you have selected a component with some threats (as above), you can select other versions in the Version Graph and then the View Details to find remediation options. Alternatively, IQ may present a recommended version which you can select and which will update the version graph. 

When you select one of the recommended version links, or if you click on any of the versions in the Version Graph, the "Migrate to Selected" button will become enabled.

Clicking this button will update all projects where this component was present and migrate to the version you selected.

Please go to the Component Info View page to find more details on the available information and how it can be used to remediate policy violations.

Limitations

Projects created using a PackageReference format (as opposed to the older packages.config format) can be scanned and individual dependencies can be remediated, however due to a NuGet limitation, we are not able to automatically detect changes in the dependencies so users will need to manually rescan.