IQ for Developers 102 - Nexus IQ In Your IDE


Overview

Goals

Would you like to be able to quickly vet components used in your application against your organization's open source policies?   Would this save you time? Reduce or eliminate research you’re required to do? This course will show you how to get started operating Nexus IQ within your IDE.  You’ll be able to successfully use the Component Info tab to analyze component risks including security, license, and compliance with established organizational policies.

For this course, we’ve demonstrated using the Eclipse IDE.  Though, it’s important to note that Nexus IQ also integrates with IntelliJ and Visual Studio plugins.    


Learning Objectives

By the end of this course, you will be able to:

  • View vulnerabilities in the open source components in your applications by using  the Component Info tab within your IDE plugin.

  • Review policy violations.

  • Analyze license types and risks of components in your applications.

  • Analyze security risks of components.


Prerequisites

IQ 100 - Foundations

IQ 101 - Organizational Policies

Target Audience

The target audience for this course includes developers using any of the IDEs listed in the system requirements.

System Requirements

It is assumed that your IDE Plugin is installed and configured. Step-by-step directions are available:

 

Setting Expectations

For this course, the screens we’ve demonstrated use the Eclipse IDE. Note that Nexus IQ also integrates with IntelliJ and Visual Studio plugins.


Questions for Reflection

Complete the following activity.  There are no right or wrong answers, just a few questions for reflection before you learn more about the benefits of operating Nexus IQ in your IDE.

Activity:

  1. Does the use of security and license vulnerability data collated by Sonatype enhance your ability to select the most appropriate OSS components?

  2. Are you or any of your colleagues currently required to research security and/or license vulnerabilities before consuming OSS components into your project?