What is Nexus for Atlassian?
Once Sonatype’s Nexus is integrated with Jira, a Nexus IQ security policy evaluation will automatically generate a Jira issue in the project of your choosing.
The integration consists of the following stages (we’ll go into more detail below):
You can find the Nexus IQ for Jira add-on in the Atlassian marketplace. If you have the necessary permissions to install add-ons, you can go ahead and download it to your Jira server.
Here’s what the Nexus IQ add-on looks like in the Jira marketplace
The settings for the add-on live in the applications tab of the administration pages. You’ll find three different settings areas: one for actually configuring the connection to Nexus IQ, and two areas showing what kind of information the plugin has successfully pulled from your Nexus IQ server, namely applications and organizations.
In the Jira configuration area you’ll have all the information you need to create a connection between Nexus IQ and Jira. After this you can move on to configuring the conditions that will trigger a webhook.
Let’s say I would like to get Jira tickets for violations that happen in the staging and release branches. I edited my custom policy to fail builds and send notifications only if the code is in the build or release stage. After setting the action parameters, I enabled the webhook for those same stages.
The configuration screen for policies in Nexus IQ
Let’s go back to Jira. I opened the project in which I’d like to enable webhook issue creation. I chose ‘bug types’ for these Nexus IQ issues. It’s important to add a label to all tickets. A helpful name like – Nexus-IQ – is great for this purpose.
To ensure maximum visibility and minimum annoyance, we will use swimlanes in our Kanban board to separate the Nexus IQ reports from basic development tickets, while still keeping them visible.
The example Kanban board with swim lanes for Nexus IQ issues
And to show you what the final result looks like, here is a ticket created from a demo run:
An expanded view of an issue generated by Nexus IQ
I’ve walked you through the general steps needed to enable the integration between Nexus IQ and Jira.
Visit the official documentation page for more detail if need be: https://help.sonatype.com/integrations/nexus-iq-for-jira
It is a fact that no software is built from scratch. Almost all of us use third-party libraries to speed up the development lifecycle. Hence it is important to ensure that the open source components used are safe. Otherwise they could be the weakest link. This post introduces the possible integration between Sonatype’s Nexus Lifecycle and the Atlassian toolset for DevSecOps.
The Sonatype Nexus platform addresses this challenge with earlier detection of security risks and non-compliance.
The products in the suite are
Sonatype is a market leader in this area because of its comprehensive coverage and higher accuracy (fewer false positives and fewer true negatives).
With the Nexus IQ for Bamboo app, developers can easily add a step to perform the IQ Analysis Task to the Bamboo build plan.
With that, it is possible to see the scan results for each build. Developers can easily compare against the historical results from the Full Report link. The Nexus IQ server will only display the latest report for each stage of each application.
The Nexus IQ for Jira app can create Jira issues for selected policy violations. This allows the development team to track the task easily, and all the discussions and decisions are kept in context within the report. This reduces duplicate effort and speeds up resolution time, because teams can see how other teams solved the issue.
The organisation is clearly structured. Each IQ evaluation is a parent issue with each affected component as a subtask.
A possible customisation will be to set the Affected Version(s) field.
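The stage filter, label and parent-with-subtasks layout described above, as an added example (not the plugin's own code): the event shape, `build_issues` and the `DEMO` project key are constructed for illustration, and the issue bodies follow Jira's create-issue `fields` layout.

```python
# Added example: the sample event's field names are constructed for
# illustration; they are not the Nexus IQ webhook schema.
TRIGGER_STAGES = {"build", "release"}  # stages the policy action is enabled for
LABEL = "Nexus-IQ"                     # label that drives the board swimlane

SAMPLE_EVENT = {  # constructed sample evaluation result
    "application": "demo-app",
    "stage": "release",
    "violations": [
        {"policy": "Security-High", "threat": 9, "component": "org.example:lib-a:1.2.0"},
        {"policy": "License-Banned", "threat": 8, "component": "org.example:lib-a:1.2.0"},
        {"policy": "Security-High", "threat": 9, "component": "org.example:lib-b:3.4.1"},
    ],
}


def build_issues(event, project_key, min_threat=0):
    """Return (parent, subtasks) Jira issue bodies, or None when the event's
    stage or threat levels should not raise tickets."""
    if event["stage"] not in TRIGGER_STAGES:
        return None
    # One subtask per affected component, so group violations by component.
    by_component = {}
    for v in event["violations"]:
        if v["threat"] >= min_threat:
            by_component.setdefault(v["component"], []).append(v)
    if not by_component:
        return None
    parent = {"fields": {
        "project": {"key": project_key},
        "issuetype": {"name": "Bug"},
        "labels": [LABEL],
        "summary": f"Nexus IQ evaluation: {event['application']} ({event['stage']})",
    }}
    subtasks = []
    for component, items in sorted(by_component.items()):
        worst = max(i["threat"] for i in items)
        policies = ", ".join(sorted({i["policy"] for i in items}))
        subtasks.append({"fields": {
            "project": {"key": project_key},
            "issuetype": {"name": "Sub-task"},
            "labels": [LABEL],
            "summary": f"{component} (threat {worst})",
            "description": f"Violated policies: {policies}",
            # "parent": {"key": ...} is set once Jira returns the parent's key
        }})
    return parent, subtasks
```
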
The Sonatype Nexus Notifier for Bitbucket displays the Nexus Lifecycle policy evaluation information in pull requests. With this feature, the gatekeeper can ensure that the changes introduced meet the quality and governance guidelines before merging them to master.
Nexus IQ for Jira is an Atlassian Jira plugin that automates the creation of Jira project issues in response to IQ Server application evaluation policy violation events. The plugin allows you to prioritize and track remediation of open-source policy violations from Nexus IQ Server inside Jira.