Learn to manage violations from InnerSource components and declutter your scan results with InnerSource Insights.
This guide will help Sonatype customers plan for onboarding applications to IQ Server.
This article covers everything you need to know about the integration of Nexus Container in Nexus Lifecycle. We’ll go over what the integration is, how it works, and how to use it.
This guide goes over the new features in Firewall and how to configure these new features.
This guide will explain why we built a policy engine and the benefits of Lifecycle as a comprehensive risk management tool.
The Advanced Legal Pack helps legal teams streamline open-source software license compliance, mitigate license risk, and expedite feedback with development teams.
This guide will introduce the success metrics APIs in Nexus Lifecycle and explain how to build custom reports.
This article goes over what containers are, how they’re scanned in IQ Server, and how you can evaluate policy against container images.
This article covers everything you need to know about Infrastructure as Code (IaC) in Nexus IQ Server. We’ll go over what IaC is, how it works, and how to use it with Nexus IQ Server.
This guide describes purpose of Nexus Firewall and outlines the benefits of using it. It also includes resources to get started with the product.
This guide goes over a series of waiver enhancements designed to help you define, apply, and manage waivers.
The Advanced Development Pack is an add-on feature to Nexus Lifecycle that provides development teams an automated, policy-based dependency management solution.
This guide helps developers remediate vulnerabilities by pushing policy evaluation information into their source control management (SCM) commits and pull requests.
Learn about the importance of setting up and receiving notifications and continuous monitoring for your IQ Server scans.
Learn how to use the IQ Server to select better components and build better software, faster.
Our IQ for Jira plugin puts remediation right in the development workflow—letting you easily get violations in front of the people who can fix them.
This guide shows you how to setup secure connections to and from the IQ Server.
This guide will help Sonatype customers evaluate their applications and deliver timely component intelligence to their developers throughout the software development lifecycle (SDLC).
This article goes over the features, and limitations, associated with a Lifecycle Foundation license.
The IQ Server team has made updates the the Application Composition Report, making policy results, in both summaries and details, the core of the report.
This article will help you identify, and put in process, ideal research and remediation guidelines for your organization.
This article explains the grandfathering feature in IQ Server. Grandfathering lets you see existing risk, prioritize what you want to fix, and then focus on any new risks while working your way through the grandfathered violations.
This article walks you through the declarative Jenkins pipeline used at Sonatype, showing you where our products integrate in a modern CI/CD process.
This article helps you determine which authentication and authorization options work best for your organization.
This article explains what Sonatype vulnerability data is and how it's produced. Sonatype Data Services are continuously updated, allowing the most recent data to be visible the instant a Nexus Lifecycle analysis occurs.
This article shows you how to build a webhook and deploy it to a Serverless framework like AWS Lambda. The Serverless function will consume an IQ policy evaluation event and push a message about it to Slack.