Questions tagged [nexus-iq]
10 questions
2 votes, 1 answer
Azure DevOps NexusIQ task 'Error from CLI Command failed with exit code 1: java -jar'
What do I want to accomplish?
'Hello to the incredible community of StackOverflow'
Scan the packages of our code with NexusIQ Task, in an Azure DevOps Services Pipeline
Environment
Azure DevOps Services-->Pipelines-->Task-->NexusIQ
NexusIQ Task…

alexis19apl
2 votes, 1 answer
jakarta.el library is flagged for security vulnerability in NexusIQ [Quarkus]
We use quarkus-hibernate-validator which pulls in jakarta.el. But recently all versions of jakarta.el are flagged by NexusIQ for a severe vulnerability.
https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
Details as…

S Kashyap
1 vote, 0 answers
NexusIQ Copyleft license ('GPL-2.0-with-classpath-exception') on jakarta.annotation-api : 1.3.5 and org.yaml : snakeyaml : 2.0
I'm using NexusIQ in order to analyze vulnerabilities that might come from dependencies.
My development is based on Spring boot using Webflux.
NexusIQ raises a level 8 Copyleft license policy violation alert.
Because it found licenses in the…

cknelle
1 vote, 1 answer
Nexus IQ flagged Component-Unknown for libraries in alpine openjdk
When I try to scan a Docker image with Nexus IQ, it flags Component-Unknown for libraries in openjdk…

rotatingFan
1 vote, 0 answers
Nexus IQ to get the EOS details of each library
How can I find out whether a particular library is already in EOS (End of Support)? Currently the Nexus IQ Server points out the license or any security vulnerability. Is there any way to get the report where it will show this particular library is End of…

Developer404
0 votes, 1 answer
Perform policy evaluation checks in GitLab: sonartype evaluation results file not found
I'm using a GitLab pipeline to build my project and would like to perform policy evaluations against the build artifacts using nexus iq policy evaluation. The project is a multi module project and I've defined a job for each module like so:
nexusiq…

Greta
0 votes, 0 answers
How to scan a C# solution using the SonaType CLI (Nexus IQ CLI) command
We are trying to locally scan a .net6 webapi solution using the Nexus IQ CLI (sonatype cli scan). When we try to scan a .csproj file, it's perfectly scanning the dependent packages and generating the report. But we could not find a support document…
0 votes, 1 answer
NexusIQ scan report
I'm dealing with some NexusIQ reports about Highest Policy Threat and Security Violation Threat
when upgrading to org.springframework:spring-web@5.3.22 which is the version used under the org.springframework.boot : spring-boot-starter-web :…

Alter
0 votes, 1 answer
Copy all Gradle dependencies without pre-registered custom task
Use Case
The use case for grabbing all dependencies (without the definition of a custom task in build.gradle) is to perform policy violation and vulnerability analysis on each of them via a templated pipeline. We are using Nexus IQ to do the…
user17544628
0 votes, 0 answers
How to fix or avoid CVE-2018-14335 H2 Security Issue?
In my Spring Boot 2 Project, I use H2 in memory Database.
My Nexus IQ Security Scan is alerting about CVE-2018-14335. I don't understand the cause of this, so I can't fix it. I also don't understand the explanation by Nexus IQ.
Webconsole is…

Tristate