Integrations

Overview

Nexus Lifecycle's integrations enable a true Shift-Left application security for development teams. Regardless of which integration you want to begin with, you'll need to be sure you have appropriate permissions for IQ Server and the target tool to make the necessary configuration changes. This may require you to reach out to a member of your Operations team.

Many of our integrations are downloadable and activated through official distribution sites or plugin managers, like  plugins.jenkins.io or marketplace.visualstudio.com/azuredevops. They require some familiarity with the host tool/platform. When activating these plugins, always be sure you're selecting the latest official Sonatype plugin.

We recommend reviewing your tool/platform's configuration before getting started.

Integrations Available

The table below provides a snapshot of our integration plugins.

Host tool/platformPlugins supported
IDEANexus IQ for IDEA provides component analysis for both the Community and Ultimate edition of IntelliJ IDEA.
EclipseNexus IQ for Eclipse plugin lets you perform component analysis, inspect component details, and fix issues all from your IDE. 
Visual StudioNexus IQ for Visual Studio provides component analysis for both the Community, Professional, and Enterprise versions of Visual Studio. 
Nexus Repository Manager 2.xNexus IQ for Nexus Repository Manager 2.x allows you to integrate IQ Server’s policy management and component intelligence features with proxy repositories in Nexus Repository Manager Pro.
Nexus Repository Manager 3.x
Nexus IQ for Nexus Repository Manager 3.x allows you to integrate IQ Server’s policy management and component intelligence features with proxy repositories in Nexus Repository Manager Pro.
BambooNexus IQ for Bamboo analyzes the components used in your software development for security and license characteristics. 

Hudson/Jenkins 1.x

(Deprecated)

(Deprecated) Nexus IQ for Hudson/Jenkins 1.x evaluates the project workspace after a build for all supported component types, creates a summary file about all the components found, and submits that to the IQ Server. 
Jenkins 2.xNexus IQ for Jenkins 2.x plugin provides full component intelligence and the ability to run policy against your application. 
Azure DevOpsNexus IQ for Azure DevOps evaluates pipeline builds for all supported component types and presents policy results and widgets within Azure DevOps.
Source Control Monitoring (SCM)Nexus IQ for SCM allows for early insight into code changes by working in tandem with continuous integration to push policy information about an application’s components directly into the SCM.
CLI

Nexus IQ for CLI to evaluate any application against your policies using the command line interface.

Atlassian JiraNexus IQ for Jira automatically creates Jira project issues when IQ Server application policies are violated. 
Fortify SSCNexus Lifecyle integration with SSC integrates policy evaluation results from Nexus Lifecycle into Fortify SSC.
Maven

Sonatype CLM for Maven lets you evaluate any Maven-based software projects in the same way as our integrated tools providing access to the same robust reporting features no matter what toolset you use. It can be run on a command line interface and executed on any continuous integration server, as well as several popular IDEs.

Go to Integration Requirements to see what's needed for each integration. See Download and Compatibility to get the latest version of IQ Server integrations.