Nexus IQ for SCM

Source Control Management (SCM) systems are generally the first place a piece of code gets shared by developers and the place where it is reviewed by both humans and machines.

Nexus IQ for SCM gives early insight into code changes by working in tandem with continuous integration to push policy information about an application’s components directly into the SCM. Not every code change needs a human author: Nexus IQ can also deliver suggested remediations for policy violations directly to the source control repository by opening a pull request with the changes to the application’s component manifest.

Working together, early feedback and automation greatly reduce rework and keep development teams focused on contributing business value rather than managing application component risk.

To use Nexus IQ for SCM, IQ must be configured with access to your company's Source Control Management platform.

  • For large organizations, we recommend enabling Automatic Source Control, which allows CI and CLI integrations to configure application source control connections when run from a locally cloned repository (a common practice in CI systems).
  • Once configured, commits should immediately receive Automated Commit Feedback.
  • If Automated Pull Requests are enabled and appropriately configured, applications should also start seeing them for any new policy violation with a suggested remediation.
  • Likewise, user-created pull requests can receive policy violation information via Pull Request Commenting.

Supported Features in each SCM System