Automated Source Control Feedback

Overview

Nexus Lifecycle provides policy violation information directly in your Source Control Management (SCM) system. This includes policy evaluation summaries on new pull requests, comments on your pull requests, and automatically opened pull requests. Learn more about each feature below:

Feature / Description

Policy Evaluation Summaries

  • Performs a Policy Analysis on new Pull Requests.
  • This is a Status Check, Build Check, or Pipeline step depending on your source control provider.
  • Optionally set as required to merge the pull request.

Pull Request Commenting

  • Comments on a pull request when the request introduces a new policy violation.
  • The comment will identify the component introducing the violation.

Pull Request Line Commenting

  • Comments on the specific line of code introducing a new policy violation in a pull request.
  • Available for Maven, Go, npm and Gradle.

Automatic Pull Requests

  • Opens a new pull request to update the dependency to a version without a policy violation.
  • Available in npm, Maven, Gradle, and Go. 

Prerequisites

All features require that the Lifecycle application be configured with an access token and repository URL.

The table below identifies where features can be enabled and disabled: 

Feature / Configuration

Automatic Pull Requests

  • Configured at the Organization level in Lifecycle.
  • Disabled by default.

Automated Commit Feedback

  • Configured in SCM Provider.

Pull Request Commenting

  • Configured at the Organization level in Lifecycle.
  • Enabled by default.

Pull Request Line Commenting

  • Enabled when Pull Request Commenting is enabled.