How do I tune and validate policies for my application before sending it on to development?

Before rolling out the Nexus IQ Server to your development teams, you probably want to familiarize yourself with the various policy conditions and how they affect your particular application. In order to quickly evaluate your policies without having to first set up a CI job or IDE workspace, Sonatype provides an easy to use command line tool, the Nexus IQ Server CLI.

This tool gets pointed at the directory or archive forming your application, performs a scan of all contained components and submits that scan to your Nexus IQ Server which then evaluates your policies. The results of the evaluation are printed to your console window along with the URL to the detailed online report.

About the Command Line Tool

The command line tool, nexus-iq-cli.jar, can be obtained from our download portal. The command line tool is an executable JAR and assumes that you already have Java 6 or newer installed on your local system. To launch it, just open a console window and type: 

java -jar nexus-iq-cli-{version}.jar

This will bring up the usage help for the available parameters. If you do not require a proxy to connect to your the Nexus IQ Server, an example invocation of the tool looks like this:

java -jar nexusiq-server-{version}.jar -s http://iqserver.mycompany.com/ -i my-application-id my-application.zip

In the example above, the tool will evaluate the archive my-application.zip and submit the scan to your Nexus IQ Server at http://iqserver.mycompany.com/. There, the policies associated with the application ID, my-application-id, get evaluated.

It is important to note, that policy evaluations done using this command line tool get processed just like those done for continuous integration. That is, the action and notifications configured for the Build stage of the policies will be triggered.

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk