Lesson Tag: Lesson 5

Developer Tools

Lesson 5 Overview Nexus Lifecycle integrates early and everywhere with your favorite pipeline and development tools so you never have to worry about compatibility. We Work Where You Work — Fix issues before failing a build, and move to an approved version with just one click. Nexus IQ integrates with Eclipse, IntelliJ IDEA, Microsoft Visual …

Developer Tools Read More »

Quality Control in Source Control

Keep your packages up to date with continuous monitoring and automatically create pull requests for any new policy violations. Nexus Lifecycle identifies the available upgrade versions and path to remediation. Nexus Lifecycle lets you view evaluation results directly in GitHub, Bitbucket, or GitLab to reduce noise and speed up development while automating manual tasks. For …

Quality Control in Source Control Read More »

Using Nexus IQ Chrome Extension

The Nexus IQ Chrome Extension lets you inspect a package before you download it. The plugin requires a valid Sonatype Nexus Lifecycle license. Once the plugin is installed on your Chrome browser, you can scan packages from several repositories like Maven, npm, Nuget, and PyPi, just to name a few. With the Chrome Extension, you’ll …

Using Nexus IQ Chrome Extension Read More »

Managing Transitive Dependencies

When you are trying to figure out why/where a particular vulnerable transitive dependency is showing up in your report you’ll need to determine the “parent” component that includes the transitive dependency to determine how to proceed. Upgrading to a different version of the parent component may resolve the violation because a different version of the …

Managing Transitive Dependencies Read More »

Updating Your Dependencies

Dependencies can grow to the point where they get out of hand. You may be following all the right security best practices, but due to a single vulnerable dependency, your application can still be susceptible to exploitation. Keeping dependencies up-to-date can present a huge problem if left unmanaged. 2020 State of the Software Supply Chain …

Updating Your Dependencies Read More »