Instant Risk Profile
Overview
Nexus Lifecycle will scan the default branch for each application created through Easy SCM Onboarding. The results from that scan are your Instant Risk Profile. Your results depend on the files stored in your source control repository. Read more about the results for your language here.
SCM Scan Details
Source Control Scans do the following:
- IQ Server performs a Git clone operation to access the files in your repository.
- IQ Server uses several file types found in the repository to generate results. Read more here.
- Default branch scans use the 'Source' stage
- Scan/policy evaluation results are available on the Reporting page in the 'Source' stage column
Instant Risk Profile Results
The Instant Risk Profile is a scan of your Source Control Repository. It is triggered when a Lifecycle Application is created through Easy SCM Onboarding. The purpose of this scan is to give you an overview of the risk and policy violations in your application.
During SCM Onboarding, all new applications without a source scan enter a queue. The Reports page will display a 'pending' indicator for applications that are waiting for their initial onboarding scan. When the scan completes the pending indicator is replaced by a summary of the scan and policy evaluation.
Reviewing Results
The scan report will be available in the component details page.
Next Steps
Nexus Lifecycle offers reporting tools in your source control system:
- Continuous Risk Profile - Lifecycle will scan the default branch and pull requests on an ongoing basis.
- Pull Request Commenting - Nexus Lifecycle will provide feedback directly in pull requests. New pull requests can trigger additional scans.