Lesson Tag: IQ 102

Remediation Assistance

Filtering the Component List: If you have multiple projects loaded into your IDE and need to view a specific subset of results, the plugin has a Filter option that lets you set the scope of the results displayed within the panel. This could be useful when you need to review vulnerabilities pertaining to …

Summary – Lesson 3

You have completed Lesson 2. You are now able to: use the Component Info tab to view vulnerabilities; view policy details; analyze license types and risks; analyze security risks; take the necessary steps to start remediating.

Evaluating a Project

Assigning Your IDE Project and Triggering an Evaluation: Once the IDE plugin has been successfully installed and configured, the next step is to associate your local IDE project with an IQ application so it can be evaluated against the defined policies. Here is an example of an Eclipse IDE with a WebGoat Java project …

IDE Integration

Getting Started: Sonatype’s IDE Integrations provide you with direct access to Sonatype’s comprehensive component intelligence right within your IDE. They measure your components against your organization’s open source governance policy, which helps you pick components that align with policy. Objectives: By the end of this lesson, you will be able to use the plugin …

Impact of Using Developer Tooling

Providing Nexus Intelligence at Your Fingertips: Nexus Intelligence powers the Nexus Platform with precise data to automate open source governance at scale across every phase of the SDLC. Modern software practices require a modern approach. The Nexus Platform provides fast, precise, contextual, actionable, and continuous information about the component you use, allowing you to focus …

What Does the IDE Integration Provide?

Works Where You Work: IDEs are powerful because they show code hints and code style guidelines, allowing you to fix code and triage if issues are identified. Similarly, a Nexus IQ IDE integration lets developers make informed decisions when selecting your projects’ components — all in the integrated development environment that you’re used to. Better …

Setting the Context

Getting Started: Sonatype prides itself on being an innovator in the Open Source space while adhering to the principles of DevSecOps as we design our products. At the core, DevSecOps principles expand the responsibility for security from security professionals to the whole organization. The exponential growth of Open Source usage in applications in the …

Sonatype Supported IDEs

Just to make sure we are all on the same page, we want to cover our bases and start from the beginning. We recognize the importance of coming to where you are (i.e., not yet another tool). Our focus is on productivity, not on being an inhibitor, and to that end… we quickly want …

IDE Plugins

Getting Started: In this section, we’ll discuss the differences and review which IDEs are supported by Sonatype and what is available even if you don’t have an IQ Server license. Objectives: By the end of this lesson, you will be able to: list the IDEs that require an IQ Server license; identify which IDE works best for …

Inspecting Component Details

Objectives: By the end of this lesson, you will be able to: review policy violations; analyze license types and risks of components in your applications; analyze security risks of components in your applications. Policy Violation Details: From the Component Info tab, there is a View Details button. Selecting this button takes you to …

