Sonatype

×

Using Nexus Lifecycle in Your IDE

Current Status
Not Enrolled
Price
Free
Get Started
Course
Materials
What’s the expectation for today’s Developers?  Quickly and independently develop, test, and deploy code into production – safely and securely – for you and your team.
Doing the security part up front rather than wait until the end of the process where code has already been moved to production.
How do you accomplish that?Use a tool that can automate open source governance, enforce policies, and remediate vulnerabilities, BEFORE  you send to production.
But Why?Long story short – it saves you time. 
“I could do stuff manually, but with more pain and I’d rather be coding.”
Shifting left helps you make better choices early, saving time further down the life cycle.
Developers innovate more, waste less time chasing false positives, and improve productivity by 38%

This course will describe how shifting-left and selecting better components for your applications before they are tightly integrated into the application codebase, will drastically reduce friction and process costs further down the release cycle.

We will review how to analyze component risks within your Integrated Development Environment (IDE) including – security, license, and compliance with established organizational policies which will help you remediate quickly and effectively.

For this course, we’ve demonstrated using the Eclipse IDE. Though, it’s important to note that Nexus IQ also integrates with IntelliJ and Visual Studio plugins.

Objectives

By the end of this course, you will be able to:

  • Describe the impact of making better component choices earlier in the SDLC
  • Describe how Nexus IQ IDE Integration fits into the Sonatype Platform
  • Articulate the differences between an IDE Integration analysis and a Continuous Integration scan
  • Select the best integration option for your particular project
  • Determine the right place and time to introduce developer tooling into your DevSecOps process to make better component choices earlier in the SDLC
  • Make informed decisions about which component versions to target for an upgrade
  • Use the IDE plugin to review policy violations
  • Locate the Policy Violations, License Analysis and Security Issues section in the Component Info tab
  • Identify OSS policy threats (security, legal, and architectural), current version used, and whether better versions of your components are available
  • Differentiate between direct and transitive dependencies
  • Upgrade components using the migrate functionality within the IDE plug-ins

Prerequisites

IQ-100 Foundations
IQ-101 Organizational Policies

Target Audience

The target audience for this course includes developers, software engineers, and others who want to know more about using Nexus IQ in their IDEs.

Estimated Time to Complete

45 minutes

System Requirements

It is assumed that your IDE Plugin is installed and configured. Step-by-step directions are available:

The product version used in this course may be different than your own. The screens may have a different display, but the content and concepts remain generally the same.

Setting Expectations

For this course, the screens we’ve demonstrated use the Eclipse IDE.  Note that Nexus IQ also integrates with IntelliJ and Visual Studio plugins.

Refer to our Glossary for more information on any of the terms used throughout this course.

Ratings and Reviews

5.0
Avg. Rating
6 Ratings
5
6
4
0
3
0
2
0
1
0
What's your experience? We'd love to know!
John
Posted 5 months ago
Great course, very helpful

I was able to get a good understand of the IDE integration with IQ server

×
Preview Image
yashpal
Posted 6 months ago
Integration with IDE

Learned to detect earlier security Flaws in our application

×
Preview Image
Christopher
Posted 8 months ago
Great to learn about the Developer point of view using an IDE

I don't have much experience with IDEs yet and this course enabled me to set up an IDE, configure Nexus and use it within the IDE.

×
Preview Image
Santi
Posted 8 months ago
Excellent IDE Course

This course helped me setup my IDE and use it with my IQ policy.

×
Preview Image
Derek
Posted 8 months ago
Nice to know what is available in the IDEs

Great starting point for shifting left with Dev Security.

×
Preview Image
Alex
Posted 9 months ago
A great course for getting started with the IQ IDE integration

It was really helpful to see the process of configuring the IDE Integration right through to reviewing the results of a local scan in the form of demo videos in this course. I was able to follow along and get working with the IDE integration within minutes!

×
Preview Image
Show more reviews
What's your experience? We'd love to know!