CI and CLI Integrations

The following is a list of Nexus IQ integrations that support Nexus IQ for SCM.

Nexus IQ CLI

While tools offering full integration for evaluations are provided, any application can be evaluated against your policies using the Nexus IQ CLI.

  • IQ 67 and higher

Instructions for Use

Run the nexus-iq-cli command as you would normally anywhere within the git cloned project folder. Nexus IQ for SCM will automatically discover the commit hash and repository URL from the git context and send this information to Nexus IQ Server along with the policy evaluation request.

Additional command output will print the repository and commit hash discovery information:

[INFO] Validating IQ Server version http://localhost:8070...
[INFO] Validating application ID test-app with the IQ Server http://localhost:8070...
[INFO] Discovered repository url 'https://github.com/my-org/my-repo' via jGit
[INFO] Discovered commit hash '00ac4dc1da4b8ce233df110cbd175ae85284b655' via jGit

If you are not running the command within a git cloned project folder, you can set the GIT_DIR environment variable to the full path of the .git folder for the git cloned project.

If you do not have a git cloned project, you can pass in the commit hash with the nexus-iq-cli parameter --metadata that points to a file with the commit hash in this format:

{"commitHash": "<git commit hash>"}

See Nexus IQ CLI for details.

Nexus IQ CLI Docker Image

The Nexus IQ CLI is also available as a docker image at https://hub.docker.com/r/sonatype/nexus-iq-cli. The documentation there details how to use the image to perform an evaluation.

  • Version 1.3 and higher

Nexus Platform Plugin for Jenkins

Nexus Platform Plugin for Jenkins scans a build workspace for components, creates a summary file about all the components found, and then submits that file to IQ Server for a detailed policy evaluation. A report is generated containing detailed analysis of security and license information, and a summary of that report is sent back to the Jenkins server to be included in the build results.

  • Version nexus-jenkins-plugin-3.8.20191204-084645.a4bff16 and higher

Instructions for Use

Run the Nexus Platform Plugin for Jenkins as you would normally do. Nexus IQ for SCM will automatically discover the commit hash and the repository URL by first reading the GIT_COMMIT and GIT_URL environment variables respectively. If either or both environment variables are not set, Nexus IQ for SCM will discover the commit hash and repository URL by walking up the directory tree until it finds the .git folder.

In the Jenkins System Log, additional command output will print the commit hash and repository URL discovery information:

Dec 20, 2019 4:45:53 PM FINE com.sonatype.nexus.git.utils.commit.AggregateCommitHashFinder tryGetCommitHash
Unable to find commit hash via environment variable GIT_COMMIT
Dec 20, 2019 4:45:53 PM INFO com.sonatype.nexus.git.utils.commit.AggregateCommitHashFinder tryGetCommitHash
Discovered commit hash '60638345c358694151de444fd63bfb02ca79ec8b' via jGit
Dec 20, 2019 4:45:56 PM FINE com.sonatype.nexus.git.utils.repository.AggregateRepositoryUrlFinder tryGetRepositoryUrl
Unable to find repository URL via environment variable GIT_URL
Dec 20, 2019 4:45:56 PM INFO com.sonatype.nexus.git.utils.repository.AggregateRepositoryUrlFinder tryGetRepositoryUrl
Discovered repository url 'https://github.com/my-org/my-repo' via jGit

See Nexus Platform Plugin for Jenkins for details.

Nexus IQ for GitLab CI

CI/CD pipeline jobs in GitLab leverage custom docker images to perform desired actions in the context of the GitLab project's build workspace. As such, the GitLab Nexus IQ docker image provides the ability to run Nexus policy evaluation against build artifacts in GitLab and produces a summary report with policy violation counts and a link to a detailed report on the IQ server.

  • Version release-1.2 and higher

Instructions for Use

Run Nexus IQ for GitLab CI as you would normally. Nexus IQ for SCM will automatically discover the commit hash and the repository URL by first reading the CI_COMMIT_SHA and CI_PROJECT_URL environment variables respectively. If either or both environment variables are not set, Nexus IQ for SCM will discover the commit hash and repository URL by walking up the directory tree until it finds the .git folder.

See Nexus IQ for GitLab CI for details.
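The CLI, Jenkins and GitLab sections above all describe the same discovery order: a CI environment variable first, then GIT_DIR or the nearest .git folder up the directory tree. The script below is an added example, not Sonatype's code, that reproduces that order by reading git's own metadata files (HEAD, the branch ref and config) and emits the --metadata JSON shown in the CLI section; it honours the Jenkins variable names GIT_COMMIT and GIT_URL only, and the fixture hash and URL are constructed.

```shell
#!/bin/sh
# Added example (not Sonatype's code): reproduces the discovery order above,
# environment variable first, then GIT_DIR or the nearest .git folder up the
# tree, by reading git's metadata files directly; no git binary needed.

# Print the .git folder: $GIT_DIR if set, else the nearest one above $1.
find_git_dir() {
    if [ -n "$GIT_DIR" ] && [ -d "$GIT_DIR" ]; then printf '%s\n' "$GIT_DIR"; return 0; fi
    dir=$(cd "$1" && pwd) || return 1
    while [ "$dir" != "/" ]; do
        [ -d "$dir/.git" ] && { printf '%s\n' "$dir/.git"; return 0; }
        dir=$(dirname "$dir")
    done
    return 1
}

# Commit hash: $GIT_COMMIT wins; otherwise resolve HEAD (symbolic or detached).
discover_commit_hash() {
    if [ -n "$GIT_COMMIT" ]; then printf '%s\n' "$GIT_COMMIT"; return 0; fi
    gitdir=$(find_git_dir "$1") || return 1
    headref=$(cat "$gitdir/HEAD") || return 1
    case "$headref" in
        "ref: "*) cat "$gitdir/${headref#ref: }" ;;   # on a branch: follow the ref file
        *)        printf '%s\n' "$headref" ;;         # detached HEAD: the hash is inline
    esac
}

# Repository URL: $GIT_URL wins; otherwise the origin remote's url in .git/config.
discover_repo_url() {
    if [ -n "$GIT_URL" ]; then printf '%s\n' "$GIT_URL"; return 0; fi
    gitdir=$(find_git_dir "$1") || return 1
    awk '/^\[remote "origin"\]/ {o=1; next}
         /^\[/ {o=0}
         o && /^[ \t]*url[ \t]*=/ {sub(/^[^=]*=[ \t]*/, ""); print; exit}' "$gitdir/config"
}

# The --metadata file format shown in the CLI section.
write_metadata() {
    hash=$(discover_commit_hash "$1") || return 1
    printf '{"commitHash": "%s"}\n' "$hash"
}

# Constructed fixture (hash $1 and URL $2 are made up): a minimal fake checkout.
make_fixture() {
    root=$(mktemp -d) && mkdir -p "$root/.git/refs/heads" "$root/src/deep"
    printf 'ref: refs/heads/main\n' > "$root/.git/HEAD"
    printf '%s\n' "$1" > "$root/.git/refs/heads/main"
    printf '[remote "origin"]\n\turl = %s\n' "$2" > "$root/.git/config"
    printf '%s\n' "$root"
}
```

Source the file in a checkout that has no git context of its own, then `write_metadata /path/to/checkout > commit.json` produces the file to hand to nexus-iq-cli via --metadata.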

Sonatype CLM for Maven

Any application can be evaluated against your policies using the Sonatype CLM for Maven Plugin.

  • Version 2.16.0 and higher

Instructions for Use

Run the evaluate goal as you would normally do anywhere within the git cloned project folder. Nexus IQ for SCM will automatically discover the commit hash and repository URL from the git context and send this information to Nexus IQ Server along with the policy evaluation request.

Additional command output will print the repository and commit hash discovery information (some lines were omitted):

[INFO] Starting scan...
[INFO] Discovered commit hash 'b8d6b434dad8670ddfd08a0f9232df46134f2198' via jGit
...
[INFO] Discovered repository url 'https://github.com/my-org/my-repo' via jGit

If you are not running the command within a git cloned project folder, you can set the GIT_DIR environment variable to the full path of the .git folder for the git cloned project.

See Sonatype CLM for Maven for more details.
Nexus IQ for Bamboo

The Nexus IQ for Bamboo plugin provides the ability to run Nexus IQ policy evaluations against build artifacts in Bamboo and produces a summary report with policy violation counts and a link to a detailed report on the IQ server.

  • Version release-1.15.0 and higher

Instructions for Use

Add an IQ Policy Evaluation task to your build plan in Bamboo. Execute the plan as you would normally do. Nexus IQ for SCM will automatically discover the commit hash and the repository URL and will send that information to Nexus IQ Server as part of the policy evaluation request.

The collection of the commit hash and the repository URL can be viewed in the build log as shown below (some lines were omitted):

simple	04-Feb-2020 11:15:45	Starting IQ analysis
...
simple	04-Feb-2020 11:15:47	Discovered commit hash '17950bd5cf0492d046e6f01b49836f073638af4f' via jGit
simple	04-Feb-2020 11:15:47	Completed IQ analysis
simple	04-Feb-2020 11:15:47	Repository URL defined in plan: https://github.com/my-org/my-repo
...
simple	04-Feb-2020 11:15:58	Policy evaluation completed in 10 seconds.

See Nexus IQ for Bamboo for more details.