Continuous Risk Profile

NEW IN IQ SERVER RELEASE 120

Nexus IQ for SCM implements the following features, which keep an organization's continuous development covered by IQ Server policy evaluations.

Default Branch Monitoring

Overview

Nexus IQ for SCM periodically executes policy evaluations on the default branches associated with IQ applications, so that organizations do not release versions containing vulnerable components.

When a change is detected on a default branch, Nexus IQ executes a policy evaluation on the updated branch. This keeps the policy evaluation report in the Reports section up to date (see below), including the case where code is pushed directly to the default branch rather than through a pull request. Combined with Automated Pull Requests, this feature also produces automatic PRs with fixes for components that were introduced on the default branch and have policy violations.

This feature is enabled for all repository types: private, internal, and public.

Prerequisites

The following criteria are prerequisites for automatic policy evaluations of default branches:

  1. The selected repository is configured for source control, as described in Nexus IQ for SCM.

Source Control Reports

You can access the latest report for an application's default branch in the Reports section:

Default Branch Monitoring runs a policy evaluation every day at midnight (local time) on the default branch of every IQ application configured with source control.

Feature Branch Monitoring

Overview

Nexus IQ for SCM periodically detects changes on feature branches that have open pull requests, runs a policy evaluation on each changed feature branch, and updates the pull request comments when policy violations are introduced or resolved.

Feature Branch Monitoring works only on repositories that cannot be accessed publicly: repositories must be private or internal for all supported providers, except GitHub Enterprise, where public repositories are supported as well.

Prerequisites

The following criteria are prerequisites for automatic policy evaluations of feature branches:

  1. The selected repository is configured for source control, as described in Nexus IQ for SCM.
  2. The feature branch has an associated open Pull Request.
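The following Python model illustrates how the two monitoring features described above fit together: which branches are eligible, how a change is detected by comparing the last evaluated commit with the current branch head, and how the difference between two evaluations becomes an "introduced"/"resolved" pull request comment update. This is an added example written for this page, not Nexus IQ's own code; the data model, function names and the sample violations are assumptions, while the eligibility rules are the ones stated in the prerequisites and visibility notes above.

```python
"""Illustrative model of Default and Feature Branch Monitoring.

Hypothetical code: the classes and function names are assumptions, not
Nexus IQ's implementation. Eligibility rules follow the page; the
violation data is constructed sample input.
"""
from dataclasses import dataclass, field


@dataclass
class Repository:
    name: str
    provider: str          # e.g. "github", "github-enterprise", "gitlab", "bitbucket"
    visibility: str        # "private", "internal" or "public"
    scm_configured: bool   # repository is configured for source control in IQ
    default_branch: str
    heads: dict            # branch name -> current commit SHA
    open_prs: set = field(default_factory=set)  # branches with an open pull request


@dataclass
class MonitorState:
    # (repo name, branch) -> SHA last evaluated / violations found at that SHA
    last_evaluated: dict = field(default_factory=dict)
    last_violations: dict = field(default_factory=dict)


def default_branch_eligible(repo):
    # Default Branch Monitoring: any visibility; only SCM configuration is required.
    return repo.scm_configured


def feature_branch_eligible(repo, branch):
    # Feature Branch Monitoring: SCM configured, an open PR on the branch, and the
    # repository must not be public unless the provider is GitHub Enterprise.
    if not repo.scm_configured or branch not in repo.open_prs:
        return False
    if repo.visibility == "public" and repo.provider != "github-enterprise":
        return False
    return True


def branches_to_evaluate(repo, state):
    """Return eligible branches whose head moved since the last evaluation."""
    candidates = []
    if default_branch_eligible(repo):
        candidates.append(repo.default_branch)
    for branch in sorted(repo.open_prs):
        if branch != repo.default_branch and feature_branch_eligible(repo, branch):
            candidates.append(branch)
    return [b for b in candidates
            if state.last_evaluated.get((repo.name, b)) != repo.heads[b]]


def pr_comment_update(previous, current):
    """Diff two violation sets so a PR comment can report what changed."""
    return {"introduced": sorted(current - previous),
            "resolved": sorted(previous - current)}


def run_cycle(repo, state, evaluate):
    """One monitoring pass: evaluate every changed branch and record the result."""
    updates = {}
    for branch in branches_to_evaluate(repo, state):
        key = (repo.name, branch)
        violations = evaluate(repo, branch)
        updates[branch] = pr_comment_update(state.last_violations.get(key, set()),
                                            violations)
        state.last_evaluated[key] = repo.heads[branch]
        state.last_violations[key] = violations
    return updates


# Constructed sample data: the violations an evaluation "finds" per commit SHA.
SAMPLE_VIOLATIONS = {
    "a1": {"component-A@1.0 (Security-High)"},
    "a2": {"component-A@1.0 (Security-High)", "component-B@2.3 (Security-Critical)"},
    "a3": {"component-B@2.3 (Security-Critical)"},
}


def sample_evaluate(repo, branch):
    # Stand-in for a real IQ policy evaluation of the branch head.
    return set(SAMPLE_VIOLATIONS.get(repo.heads[branch], set()))


if __name__ == "__main__":
    repo = Repository("acme/app", "github", "private", True, "main",
                      {"main": "a1", "feature/x": "a2", "feature/y": "a3"},
                      {"feature/x"})
    state = MonitorState()
    print(run_cycle(repo, state, sample_evaluate))   # main and feature/x evaluated
    repo.heads["feature/x"] = "a3"                   # new push to the PR branch
    print(run_cycle(repo, state, sample_evaluate))   # feature/x: component-A resolved
```

Note that `feature/y` is never evaluated because it has no open pull request, and that a second pass with no new commits evaluates nothing, which is the behaviour the "change is detected" wording above implies.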