Easy SCM Onboarding


Easy SCM Onboarding allows users to quickly create IQ Applications for their repositories from a source control management (SCM) system. Once created, the applications will be automatically scanned by the Instant Risk Profile feature in Nexus IQ server.


The following criteria are prerequisites for Easy SCM Onboarding:

  1. A supported SCM system
  2. A user token, as described in Source Control Configuration and added to the Root Organization

Because SCM Onboarding rapidly increases the number of applications in your IQ Server, you may need to increase your system resources. Visit our System Requirements documentation to learn more.

Using Easy SCM Onboarding

The Easy SCM Onboarding tool is launched either from the system's "cog" menu as "SCM Onboarding" or by clicking an existing organization on the "Orgs & Policies" Page then clicking "Import Applications".

Loading Repositories

When IQ Server can't determine the URL of your SCM host, it will prompt you to enter it via a modal dialog:

In general, Easy Onboarding will use the most common base URL of the existing applications which share the same token (ie: inherit from the same organization). This means that it will prompt for a URL when:

  • the selected organization has a custom token but does not have any SCM applications with usable URLs (ie: the applications do not have their own custom tokens)
  • the selected organization does not have a custom token but there are no SCM applications in this organization (or other organizations without custom tokens) with usable URLs (ie: the applications do not have their own custom tokens)

This dialog will also appear if it tries to connect to an SCM host and receives an error (eg: authentication failed).

After you provide a URL to your SCM host and click "Continue", Easy SCM Onboarding will query for a list of all available repositories.

Selecting an Organization

If launched from a specific organization under the Orgs & Policies page, that organization will be selected by default but users may select any other organization using the Organization dropdown. There is also a "New Organization" button that will let users create a new organization.

Selecting Repositories

Once the list of repositories has loaded, users may select the repositories to import into IQ. If the list is very large, it may take a while to load initially (roughly half a minute per thousand repositories, but times will vary). With large lists, there are several features to help narrow down the list to select only the repositories of interest. In general, only rows that are visible on the screen are selected, everything that is hidden will be deselected.


All text columns have filter fields at the top. The filters are case-sensitive. If a row was selected and then a filter hides the row, the row will be deselected automatically.


The pagination controls at the bottom will switch between the various pages in groups of 15. Switching between pages causes previously selected rows to be deselected.

Select All

The "Select All" action will select only the visible rows on the current page.

Importing Applications

All imported applications will use the Default Branch that is configured in the Root Organization (or in the selected Organization). For details on setting this, see Source Control Configuration. If this branch does not exist, no report will be generated and the application will need to be removed and reimported with the correct Default Branch to receive an initial evaluation.

The Easy SCM Onboarding page allows users to see a list of the repositories that are available for the selected SCM. Selecting them and clicking "Import Repositories" at the bottom of the page will create new IQ applications in the selected organization with the source control details stored for later Instant Risk Analysis scans, PR commenting, and other features.

Viewing Scan Reports

After an application has been imported, the Instant Risk Profile system will queue it up for an automatic scan. When there are imported applications, a link to reports will appear as "Go To Reports" on the import success dialog or at the top of the page.

You can also go to see the reports at any time by clicking on the "Reports" link in the top menu bar.