Instant Risk Profile

Overview

Nexus Lifecycle will scan the default branch for each application created through Easy SCM Onboarding. The results from that scan are your Instant Risk Profile. Your results depend on the files stored in your source control repository. Read more about the results for your language here.

SCM Scan Details:

Source Control Scans do the following:

IQ Server performs a Git clone operation to access the files in your repository.
The files that IQ Server uses several file types to generate results. Read more here.
Default branch scans use the 'Source' stage
Scan/policy evaluation results are available on the Reporting page in the 'Source' stage column

Instant Risk Profile Results

The Instant Risk Profile is a scan of your Source Control Repository. It is triggered when a Lifecycle Application is created through Easy SCM Onboarding. The purpose of this scan is to give you an overview of the risk and policy violations in your application.

During SCM Onboarding, all new applications without a source scan enter a queue. The Reports page will display a 'pending' indicator for applications that are waiting for their initial onboarding scan. When the scan completes the pending indicator is replaced by a summary of the scan and policy evaluation.

Scan Results

No relevant files

A report will not be generated if the source control does not contain any relevant files to scan. The CLI tooling will produce a "No violations" report.

Reviewing Results

The scan report will be available in the component details page.

Next Steps

Nexus Lifecycle offers reporting tools in your source control system:

Continuous Risk Profile - Lifecycle will scan the default branch on an ongoing basis and pull requests.
Pull Request Commenting - Nexus Lifecycle will provide feedback directly in pull requests. New pull requests can trigger additional scans.