Our technical guides give you an in-depth look at key IQ Server concepts and features.

Nexus Container Integration

This article covers everything you need to know about the integration of Nexus Container in Nexus Lifecycle. We’ll go over what the integration is, how it works, and how to use it.

Why Policy?

This guide will explain why we built a policy engine and the benefits of Lifecycle as a comprehensive risk management tool.

Success Metrics

This guide will introduce the success metrics APIs in Nexus Lifecycle and explain how to build custom reports.

Containers in IQ Server

This article goes over what containers are, how they’re scanned in IQ Server, and how you can evaluate policy against container images.

Infrastructure as Code Pack

This article covers everything you need to know about Infrastructure as Code (IaC) in Nexus IQ Server. We’ll go over what IaC is, how it works, and how to use it with Nexus IQ Server.

Scanning Javascript in IQ Server

The IQ Server team made some big improvements to how we scan JavaScript applications. In this guide you'll learn how we scan JavaScript applications, how to run a scan from the command line, and how to fix policy violations.

Intro to Firewall

This guide describes purpose of Nexus Firewall and outlines the benefits of using it. It also includes resources to get started with the product.

Enhanced Policy Waivers

This guide goes over a series of waiver enhancements designed to help you define, apply, and manage waivers.

IQ Server for Developers

Learn how to use the IQ Server to select better components and build better software, faster.

Nexus IQ for Jira Plugin

Our IQ for Jira plugin puts remediation right in the development workflow—letting you easily get violations in front of the people who can fix them.

Comprehensive Guide to Lifecycle Scanning

This guide will help Sonatype customers evaluate their applications and deliver timely component intelligence to their developers throughout the software development lifecycle (SDLC).

Lifecycle Foundation

This article goes over the features, and limitations, associated with a Lifecycle Foundation license.

Policy-Centric Application Report

The IQ Server team has made updates the the Application Composition Report, making policy results, in both summaries and details, the core of the report.

IQ Server Grandfathering

This article explains the grandfathering feature in IQ Server. Grandfathering lets you see existing risk, prioritize what you want to fix, and then focus on any new risks while working your way through the grandfathered violations.

CI / CD Pipeline at Sonatype

This article walks you through the declarative Jenkins pipeline used at Sonatype, showing you where our products integrate in a modern CI/CD process.

Understanding Vulnerability Data

This article explains what Sonatype vulnerability data is and how it's produced. Sonatype Data Services are continuously updated, allowing the most recent data to be visible the instant a Nexus Lifecycle analysis occurs.

Using Webhooks: IQ & Slack Integration

This article shows you how to build a webhook and deploy it to a Serverless framework like AWS Lambda. The Serverless function will consume an IQ policy evaluation event and push a message about it to Slack.