Description
Using your IQ server for a given organization, categorize all the components and build a summary report.
Basic Usage
For Nexus Lifecycle Users
To generate the Application Stack Analysis report, we need to collect the inventory from your IQ Server using your IQ Server login. The downloaded client connects to your IQ Server through the IQ Server REST APIs and will only have access to the data you have access to.
To see all the client options:
java -jar bom-client-1.12.jar -h
To generate an Application Stack Analysis report in one step:
java -jar bom-client-1.12.jar --iqUsername iq_user --iqUrl iq_server --reportingUsername portal_user --lifecycleStage {lifecycleStage} --reportFileName test-report.zip
Replace {lifecycleStage} with exactly one of develop, build, stage-release, release or operate.
You will be prompted for your iqPassword and your portalPassword, which are your IQ Server and portal login passwords.
For Nexus Repository Pro Users
You will need to enable the Repository Health Check (RHC) analysis from your repository manager by clicking the “ANALYZE” button. This will generate an inventory for that proxied repository. If you don’t see the ANALYZE button and you see “Health Check” numbers, the analysis has already been performed.
You will need to download a client jar that will extract the component inventory from the Nexus Repository Health Check (RHC) Report. The client will prompt you for your Nexus Repository credentials in order to access the RHC report.
The client jar is available on Google Drive:
java -jar healthcheck-transformer-all-1.0-SNAPSHOT.jar -s {nxrmServerUrlWithPort} -u {nxrmUsername} -p {nxrmPassword} -r {repositoryID} -o {output.json file}
You should be able to run the jar with the command above. If you omit the password, you will be prompted for one (in order to prevent screen watching); leaving -p off the command line also keeps the password out of your shell history and the process list.
The repository ID is the last path segment of the Repository Path. In the screenshot above, ours would be “central-proxy”.
For the server URL, use the base URL of your Nexus Repository instance. If it is hosted at the root of your domain, that is just https://{server}:{port}; if it is nested under a path, it would be something like https://{server}:{port}/nexus.
If you are still having trouble, the client will accept a licenses.json file, which can be downloaded from the Detailed Report. I’ve attached a screencast below showing how to get this JSON file.
In this case the proper command line arguments would be:
java -jar healthcheck-transformer-all-1.0-SNAPSHOT.jar -l {licenses.json file} -o {output.json file}
Once you have the output JSON file, you will need to submit it to the Sonatype Report Service to generate the Application Stack Analysis report. With the inventory already saved in the first step, send it in the second step to generate the report:
java -jar bom-client-1.12.jar --sendPayloadFile output.json --reportingUsername portal_user --reportFileName ./test-report.zip
You will be prompted for your reportingPassword, which is your portal login password.
Download
Version 1.12 released March 5, 2019
You will need your SE or CSE to access the jar file until LDAP access is added.
Sonatype Categorization Client
Taxonomy
A complete list of the taxonomy is here: Category Taxonomy.pdf (57.5 KB)
Feedback
Please answer the poll questions or leave a comment on the thread. All comments are visible to customers and Sonatype.
- Was the category taxonomy meaningful?
- Would you like to see project categories?
- Would you like to see component categories?
- Was the summary view with risk rollup for the category useful?