Supplying commit hash via dockerised Nexus IQ CLI

Is there a way or plan to support supplying a commit hash in the docker version of the Nexus IQ CLI?

Looking at the instructions here - it mentions a --metadata flag:

However (as also mentioned in that same documentation) we are using the dockerised CLI for this:

But this seems to have different usage and doesn’t mention the metadata or commit hash. Looking at the image, it is running a docker specific jar file:

java -cp ${SONATYPE_LIB}/docker-nexus-iq-cli.jar ${SONATYPE_IQ_CLI_PKG}.NexusPolicyEvaluator

Hi Simon, sorry for the late reply.

There are two possibilities for resolving this. I have created an internal ticket to get our documentation updated.

I’m not 100% clear why the Git commit info is not being picked up automatically, but these two options will allow you to inform the CLI of the Git info.

  1. Forcefully tell it where the .git directory is with --env GIT_DIR=/target/.git. Full example:

    docker run --env GIT_DIR=/target/.git -v $(pwd):/target -v /tmp/results:/sonatype/reports sonatype/nexus-iq-cli /sonatype/evaluate -s -a admin:admin123 -i sandbox-application "/target/pom.xml"

    Note in this example I am mounting the scan target under /target, but additionally setting GIT_DIR as an environment variable to tell the internal Git discovery code where the .git folder is. This approach depends on the .git actually being part of the mounted folder, with the added benefit of auto-discovery of the repository URL as well.

  2. Directly give the command the git information with GIT_COMMIT. Full example:

    docker run --env GIT_COMMIT=c9c2afa7189ba3549d4ba68912662e3473edd841 -v $(pwd):/target -v /tmp/results:/sonatype/reports sonatype/nexus-iq-cli /sonatype/evaluate -s -a admin:admin123 -i sandbox-application "/target/pom.xml

    Or automatically if possible:

    docker run --env GIT_COMMIT=$(git rev-parse HEAD) -v $(pwd):/target -v /tmp/results:/sonatype/reports sonatype/nexus-iq-cli /sonatype/evaluate -s -a admin:admin123 -i sandbox-application "/target/pom.xml"

    To set the git url (if necessary) the environment variable to use there is GIT_URL