Nexus IQ for SCM

Source Control Management (SCM) systems are generally the first place a piece of code gets shared by developers and the place where it is reviewed by both humans and machines.

Nexus IQ for SCM provides early insight into code changes by working in tandem with continuous integration to push policy information about an application's components directly into the SCM. Not every change requires a human to write it: Nexus IQ can generate suggested remediation for policy violations directly in the source control repository by opening a pull request that updates the application's component manifest.

Working together, early feedback and automation greatly reduce rework and keep development teams focused on contributing business value rather than manually managing application component risk.

To use Nexus IQ for SCM, IQ must be configured with access to your company's Source Control Management platform.

  • Enable Automatic Source Control so that CI and CLI integrations can configure an application's source control connection when run from a locally cloned repository (a common practice in CI systems). This connection can also be configured manually.
  • Once configured, commits should immediately receive Automated Commit Feedback.
  • If enabled and appropriately configured, applications should also start seeing Automated Pull Requests for any new policy violation with a suggested remediation.
  • Likewise, user-created pull requests can receive policy violation information via Pull Request Commenting.

Note: While the term 'pull request' is used throughout this documentation, the equivalent terminology in GitLab is 'merge request'.

Supported Features in each SCM System

Feature                       | Bitbucket Cloud | Bitbucket Server | GitHub | GitLab
------------------------------|-----------------|------------------|--------|-------------
Automated Commit Feedback     | Yes             | Yes              | Yes    | Yes
Automated Pull Requests       | Yes             | Yes              | Yes    | Yes (V11+)
Pull Request Commenting       | No              | Yes              | Yes    | Yes (V11+)
Pull Request Line Commenting  | No              | Yes (V6.7+)      | Yes    | Yes (V11+)
Bitbucket Code Insights       | No              | Yes              | N/A    | N/A