Nexus IQ for Azure DevOps

Evaluate open source policies at CI.

Overview

The Nexus IQ Extension for Azure DevOps enforces open source governance policies within the CI phase. As a new step within the build, the application is scanned by Nexus IQ to identify any open source security, license, or quality policy violations and can be configured to fail the build or generate a warning. Once the scan is complete, the results are displayed within Azure DevOps with a link to the Nexus Lifecycle policy report for violation details and expert remediation guidance.

Nexus Lifecycle

In a DevOps world, the only way to deliver secure applications at scale is to rely on precise intelligence about the quality of the open source components used within those applications. Nexus Lifecycle provides the most precise intelligence regarding security vulnerabilities, license risk, and architectural quality of open source components and delivers that information directly within Azure DevOps as well as other tools in the DevOps toolchain. Automate your open source policies with confidence and deliver applications at scale by eliminating manual approval processes and whitelists/blacklists.

Nexus IQ for Azure DevOps

The results of a Nexus Lifecycle scan appear directly within the Azure DevOps build pipeline so it is easy to understand what open source components are being used and if they violate any of your open source policies. The Nexus IQ Summary Report and the Nexus IQ Build Report tabs that will contain all the results for the evaluation.

You can check the logs on the Job details

On the Nexus IQ Summary Report tab you will find a summary of the total violations and the total scanned components

In this example, there are 1 critical, 1 medium, and 0 low risk components identified within this application.

On the Nexus IQ Build Report tab you will find a detailed view you will be able to identify which components violate which policy.

The Nexus IQ Summary report can also be integrated into the Azure DevOps dashboard for a quick view into the summary of components evaluated. You also have the ability to add a widget to check the trends for the IQ Policy Evaluations

More information about the Nexus IQ Extension for Azure DevOps can be found in IQ for Azure DevOps Documentation.

Requirements

The Nexus IQ Extension requires Nexus Lifecycle.

Changes

Version 1.6.4

• Provide latest features for Nexus Lifecycle 1.153.0-01.

Version 1.6.3

• Provide latest features for Nexus Lifecycle 1.152.0-01.

Version 1.6.2

• Provide latest features for Nexus Lifecycle 1.151.0-01.

Version 1.6.1

• Provide latest features for Nexus Lifecycle 1.150.0-01.

Version 1.5.7

• Provide latest features for Nexus Lifecycle 1.149.0-01.

Version 1.5.6

• Provide latest features for Nexus Lifecycle 1.148.0-01.

Version 1.5.5

• Provide latest features for Nexus Lifecycle 1.147.0-01.

Version 1.5.4

• Fix Nexus IQ Build Report to properly show the icon for "notify" actions.

• Provide latest features for Nexus Lifecycle 1.146.0-01.

Version 1.5.2

• Provide latest features for Nexus Lifecycle 1.145.0-01.

Version 1.5.0

• Add the organization ID parameter, used for automatic IQ apps

• Provide latest features for Nexus Lifecycle 1.144.0-05.

Version 1.4.0

• Add a task option to enable debug logging for IQ Policy Evaluations

• Improve the summary message for policy evaluations

• Add a new Nexus IQ Summary Report tab on Build view

• Provide latest features for Nexus Lifecycle 1.143.0-01.

Version 1.3.35

• Provide latest features for Nexus Lifecycle 1.142.0-02.

Version 1.3.34

• Provide latest features for Nexus Lifecycle 1.141.0-01.

Version 1.3.33

• Provide latest features for Nexus Lifecycle 1.139.0-01.

Version 1.3.32

• Provide latest features for Nexus Lifecycle 1.138.0-01.

Version 1.3.31

• Provide latest features for Nexus Lifecycle 1.137.0-05.

Version 1.3.30

• Provide latest features for Nexus Lifecycle 1.136.0-01.

Version 1.3.28

• Provide latest features for Nexus Lifecycle 1.135.0-01.

Version 1.3.27

• Provide latest features for Nexus Lifecycle 1.134.0-02.

Version 1.3.26

• Provide latest features for Nexus Lifecycle 1.133.0-02.

Version 1.3.25

• Provide latest features for Nexus Lifecycle 1.132.0-02.

Version 1.3.24

• Provide latest features for Nexus Lifecycle 1.131.0-01.

Version 1.3.23

• Provide latest features for Nexus Lifecycle 1.130.0-01.

Version 1.3.22

• Provide latest features for Nexus Lifecycle 1.129.0-01.

Version 1.3.19

• Provide latest features for Nexus Lifecycle 1.128.0-01.

Version 1.3.18

• Provide latest features for Nexus Lifecycle 1.127.0-01.

Version 1.3.17

• Provide latest features for Nexus Lifecycle 1.126.0-01.

Version 1.3.16

bug fix: Correctly show a long app id in dashboard widget

• Provide latest features for Nexus Lifecycle 1.125.0-01.

Version 1.3.15

• Provide latest features for Nexus Lifecycle 1.124.0-01.

Version 1.3.14

• Provide latest features for Nexus Lifecycle 1.123.0-01.

Version 1.3.13

• FIX: Correctly handle Multiple javaSystemProperties configuration

• Provide latest features for Nexus Lifecycle 1.122.0-01.

Version 1.3.12

• FIX: Correct null 'match' error when handling javaSystemProperties configuration..

Version 1.3.11

• Handling Multiple javaSystemProperties configuration
• Provide latest features for Nexus Lifecycle 1.121.0-01.

Version 1.3.10

• Provide latest features for Nexus Lifecycle 1.120.0-02.

Version 1.3.9

• Provide latest features for Nexus Lifecycle 1.119.0-03.

Version 1.3.8

• Provide latest features for Nexus Lifecycle 1.118.0-01.

Version 1.3.7

• Provide latest features for Nexus Lifecycle 1.117.0-01.

Version 1.3.6

• Provide latest features for Nexus Lifecycle 1.116.0-01.

Version 1.3.5

• Provide latest features for Nexus Lifecycle 1.114.0-01.

Version 1.3.4

• Provide latest features for Nexus Lifecycle 1.113.0-02.

Version 1.3.3

• Bug fix: Correctly handle system errors such as IQ connection failures and mark the build as failed or unstable
• Provide latest features for Nexus Lifecycle 1.111.0-01.

Version 1.3.2

• Support for http proxy on Azure Pipeline Agents.
• Provide latest features for Nexus Lifecycle 1.108.0-02.

Version 1.3.1

• FIX: Revert http proxy support introduced in 1.3.0.

Version 1.3.0

• Support for http proxy on Azure Pipeline Agents.
• Provide latest features for Nexus Lifecycle 1.107.0-01.

Version 1.2.15

• Provide latest features for Nexus Lifecycle 1.106.0-01.

Version 1.2.14

• Provide latest features for Nexus Lifecycle 1.105.0-01.

Version 1.2.13

• Provide latest features for Nexus Lifecycle 1.103.0-01.
• Send component paths to the IQ Server, so they can be shown on Occurrences tab of reports.
• Accommodate expanded output of IQ CLI and larger numbers of artifacts.

Version 1.2.12

• FIX: Revert 1.2.11 release to alleviate a regression while scanning larger numbers of artifacts.

Version 1.2.11

• Provide latest features for Nexus Lifecycle 1.103.0-01.
• Send component paths to the IQ Server, so they can be shown on Occurrences tab of reports.

Version 1.2.10

• Provide latest features for Nexus Lifecycle 1.100.0-01.
• Scan artifacts found in the Artifact Staging Directory in addition to the Default Working Directory.

Version 1.2.9

• Provide latest features for Nexus Lifecycle 1.99.0-01.

Version 1.2.8

• Provide latest features for Nexus Lifecycle 1.98.0-01.
• Provide reminder on a pipeline to enable Nexus IQ for each project when it's not already.

Version 1.2.7

• Provide latest features for Nexus Lifecycle 1.97.0-01.

Version 1.2.6

• Provide latest features for Nexus Lifecycle 1.96.0-01.

Version 1.2.5

• Provide latest features for Nexus Lifecycle 1.95.0-01.

Version 1.2.4

• Provide latest features for Nexus Lifecycle 1.94.0-01.

Version 1.2.3

• Provide latest features for Nexus Lifecycle 1.92.0-01.
• Security updates for dependencies.

Version 1.2.2

• Security updates for dependencies.