InnerSource Repository Configuration

NEW IN RELEASE 135

Organizations that use Nexus Repository Manager 3 (NXRM3) as their InnerSource code repository can integrate the IQ Server with the repository to view version data of InnerSource components. This data will be available in the Version Explorer graph on the component details page which improves remediation of issues. Please refer to the InnerSource Insight documentation to learn more about InnerSource components and IQ server support for InnerSource.   


InnerSource code repository

This is typically the repository that a developer (or CI server) would configure the local environment to access InnerSource component distributions. This can either be a hosted or a proxy repository and it can even be a mixed repository that hosts both open source and InnerSource components. The credentials used for connection configurations must have privileges to browse and locate components and their versions. Note: In the case of proxy repositories only the components downloaded to the repository will be considered. 


Repository configuration levels 

An InnerSource repository can be configured in IQ at different levels in the application and organization hierarchy. Child organizations and applications can be configured to inherit parent repository connection settings. Similarly, settings can also be disabled at any level and block child organizations and applications from overriding or configuring local connections.  

By default InnerSource Repository configuration is disabled on the Root Organization which will be inherited by all organizations and applications, however, the default setting also permits overrides to this configuration so that other organizations and applications can configure their own settings. 

Configuring InnerSource repository connections on Organizations and Applications   

To configure an InnerSource repository connection for any application or organization:

  1. Click the Orgs and Policies Orgs and Policies icon in the IQ toolbar.
  2. Select the organization or application you wish to edit from the sidebar.
  3. Scroll down to the InnerSource Repositories section which should look similar to the below.

InnerSource Repositories

This section lists the effective InnerSource repository connections applicable to the selected application or organization. Depending on how it is set up, it should specify if the connections are inherited from a parent organization or local to itself or none if no applicable repository connections for this. 

       4. To change this configuration click the edit button to pull up the configuration shown below

The options will vary slightly depending on whether you are editing the Root Organization, a child organization, or an application.

  • For the Root Organization, you are able to select whether InnerSource Repository Configuration is enabled or disabled, and whether or not child organizations and applications are able to override this configuration. 
  • For child organizations, you are able to select whether or not InnerSource Repository Configuration is enabled, disabled, or inherited from the parent, as well as whether or not applications are able to override this setting. 
  • For applications, you are able to select whether or not InnerSource Repository Configuration is enabled, disabled, or inherited from the parent

If a parent organization has disabled overrides then the settings from that parent will be inherited and the user interface for editing the configuration will be disabled with a message indicating the reason.

Configuring a Repository connection 

In order to add a new repository connection:

  1. Select the Enable and Override Repository Connections option and click Update on the InnerSource Repository Configuration page.
  2. Click on the Add a Repository button, which should now be enabled after Step 1.
  3.  This will display the Add InnerSource Repository Configuration pop-up shown below. 

   4. Enter the following parameters

Repository Format

Valid values in this drop-down are "maven", "npm" or "generic". 

Select "maven" if you want this connection to query the repository for maven components only, or if the repository contains only maven components.

Select "npm" if you want this connection to query the repository for npm components only, or if the repository contains only npm components.

Select "generic" if you want this connection to query the repository for both maven and npm components, or if the repository contains both, maven and npm components. (Do not select generic if the repository does not contain components of both formats, as this may result in wasted queries. As a performance best practice, we recommend selecting either maven or npm formats.)

Note: If you have multiple repository connections, corresponding to each component format in addition to one for generic, IQ Server will use the format specific connection to resolve all versions for that component.

Repository Base URLThe base URL to the NXRM3 repository. For example, http://repository-host:8081/
Repository Authentication

Choose Allow Anonymous Access if the repository does not require API authentication when querying for InnerSource component data. Otherwise, select Enter Username and Password.

UsernameEnter the username or the user token code that has privileges to query InnerSource component data. (a.k.a, service account username for the repository.)
PasswordEnter the password or the passcode of the user token. (a.k.a, service account password for the repository.)

   5. Click Test Configuration to verify a connection can be made to the NXRM3 server.

   6. Click Create when finished.

Editing or Deleting an existing repository connection

For editing an existing repository connection, or to delete one, you can click the edit Edit or delete Delete icons of the respective connection from the InnerSource Repository Configuration page. The edit pop up which is similar to the add configuration pop up above allows you to change the existing connection details and clicking the delete Delete icon will remove the selected connection.


Make sure you have the right permissions to access/view the InnerSource configuration (View IQ Elements) and to edit repository connection details (Edit IQ Elements).