| Question | Answer |
|---|---|
| What’s the expectation for today’s Developers? | Quickly and independently develop, test, and deploy code into production – safely and securely – for you and your team. This means doing the security part up front rather than waiting until the end of the process, when code has already been moved to production. |
| How do you accomplish that? | Use a tool that can automate open source governance, enforce policies, and remediate vulnerabilities BEFORE you send code to production. |
| But why? | Long story short – it saves you time. “I could do stuff manually, but with more pain and I’d rather be coding.” Shifting left helps you make better choices early, saving time further down the life cycle. |
This course describes how shifting left and selecting better components for your applications, before they are tightly integrated into the application codebase, will drastically reduce friction and process costs further down the release cycle.
We will review how to analyze component risks within your Integrated Development Environment (IDE), including security, license, and compliance with established organizational policies, which will help you remediate quickly and effectively.
For this course, we demonstrate using the Eclipse IDE. Note that Nexus IQ also integrates with IntelliJ and Visual Studio through plugins.
By the end of this course, you will be able to:
- Describe the impact of making better component choices earlier in the SDLC
- Describe how Nexus IQ IDE Integration fits into the Sonatype Platform
- Articulate the differences between an IDE Integration analysis and a Continuous Integration scan
- Select the best integration option for your particular project
- Determine the right place and time to introduce developer tooling into your DevSecOps process to make better component choices earlier in the SDLC
- Make informed decisions about which component versions to target for an upgrade
- Use the IDE plugin to review policy violations
- Locate the Policy Violations, License Analysis and Security Issues section in the Component Info tab
- Identify OSS policy threats (security, legal, and architectural), current version used, and whether better versions of your components are available
- Differentiate between direct and transitive dependencies
- Upgrade components using the migrate functionality within the IDE plug-ins
The target audience for this course includes developers, software engineers, and others who want to know more about using Nexus IQ in their IDEs.
Estimated Time to Complete
It is assumed that your IDE Plugin is installed and configured. Step-by-step directions are available:
- Installing Nexus IQ for Eclipse
- Installing Nexus IQ for IntelliJ IDEA
- Installing Nexus IQ for Visual Studio
For this course, the screens we’ve demonstrated use the Eclipse IDE. Note that Nexus IQ also integrates with IntelliJ and Visual Studio plugins.
Refer to our Glossary for more information on any of the terms used throughout this course.