Update Your IQ Server License Threat Groups

The license threat group updater will apply the latest Sonatype provided license classification to your running IQ server’s license threat groups. This will alleviate any “License Threat Group not Assigned” policy violations, in addition to keeping your license catalog up to date.

ltg_updater_20191025

Updating Nexus IQ License Threat Groups

Please consider backing up your existing installation prior to running the updater. For instructions: Backing up the IQ Server

usage: java -jar ltg-updater-1.0.0.jar -s http://localhost:8070 -u
       adminUser -p adminPassword -i path/to/update.csv -d -f [-d] [-e]
       [-f] [-h] [-i <arg>] [-p <arg>] [-s <arg>] [-u <arg>]
 -d,--default          Select all default choices.
 -e,--silent           Disable all input and output to the CLI.
                       Automatically selects default choices.
 -f,--force_review     Even if default choices or silent are selected this
                       option will force the review of license changes.
 -h,--help             Prints help message.
 -i,--input <arg>      Path to CSV file of license to LTG mapping.
 -p,--password <arg>   Admin password.
 -s,--server <arg>     Url to Nexus IQ server.
 -u,--user <arg>       Admin username.
[dgriffin@localhost license-ltg-updater

The updater currently only supports basic auth and must be supplied credentials for the Nexus IQ Admin user, as it will make updates to the Root Organization LTGs. It is recommended that users enable the -d and -f options to select both default choices and to force a review of any license LTG changes.

java -jar ltg-updater-1.0.0.jar -s http://localhost:8070 -u admin -p admin123 -i license_ltgs_12052019.csv -d -f

Prompts

Add all unassigned licenses to LTGs in root organization? [Y/n]

This is asking if all currently unassigned licenses should be assigned to LTGs in the Root Organization. Answering ‘Yes’ is recommended. This will also recreate any Sonatype defined LTGs that have been removed from the Root Organization for any reason.

License 'SautinSoft-Document-.Net-LA' is now assigned to LTG 'Banned', but that LTG does not exist in organization 'Sandbox Organization', would you like to create a new LTG for this organization that represents the 'Banned' LTG? [y/N]

This is asking if you would like to create a new LTG within this organization (‘Sandbox Organization’) that will contain all licenses in this update that Sonatype has assigned to ‘Banned’. If you are very particular about licenses, or have created an ‘approved LTG’, it may be best to not create this new LTG.

Keep the existing assignment for 'SautinSoft-Document-.Net-LA', assigned to 'My Restricted Licenses', in organization 'Sandbox Organization'? [Y/n]

If you didn’t create a new LTG for this license in this organization (‘Sandbox Organization’), it will ask if you want to preserve the existing assignment. It is recommended that you preserve this assignment. If you choose not to, the license will be removed from the currently assigned LTG (‘My Restricted Licenses’). Removing the license might be acceptable depending on your policies, as it will be added to the Root Organization LTGs if that option was selected at the start.

New LTG name: [Sandbox Organization Banned] 2019-09_license_update Banned
New LTG threat level: [10] 5

If you responded that you wish to create a new LTG, you will be prompted for a new LTG name and threat level. After this LTG is created, all future licenses in this update that would map to the Sonatype suggested LTG will instead map to your custom LTG for that organization.

Updating 'SautinSoft-Document-.Net-LA':
	'Internal Organization' : 'My Approved Licenses' -> 'My Approved Licenses'
	'Sandbox Organization' : 'My Restricted Licenses' -> '2019-09_license_update Banned'

The above update statement highlights the point above, that all licenses that Sonatype is assigning to ‘Banned’ will instead be mapped to ‘2019-09_license_update Banned’ for the organization ‘Sandbox Organization’.

Review LTG updates? [Y/n] y

New licenses added to Root Organization:

	Banned
		MS-Report-Viewer-Runtime-for-MS-SQL-Server
		MS-SCLR-For-Sql-Server-2016
		MS-VS-2015-Pre-Release-Software-License
		SautinSoft-Document-.Net-LA
		SautinSoft-Excel-to-PDF-.Net-LA
		SautinSoft-HTML-to-RTF-.Net-LA
		SautinSoft-PDF-Focus-.Net-LA
		SautinSoft-PDF-Metamorphosis-.Net-LA
		SautinSoft-PDF-Vision-.Net-LA

	Commercial
		MS-SQL-Server-2017-SMO-License
		MS-VS-2015-SDK-License

Updated licenses:

Sandbox Organization
	My Restricted Licenses
		SautinSoft-Document-.Net-LA
		SautinSoft-Excel-to-PDF-.Net-LA
		SautinSoft-HTML-to-RTF-.Net-LA

Internal Organization
	Internal Organization Banned
		MS-Report-Viewer-Runtime-for-MS-SQL-Server
		MS-SCLR-For-Sql-Server-2016
		MS-VS-2015-Pre-Release-Software-License
		SautinSoft-Document-.Net-LA
		SautinSoft-Excel-to-PDF-.Net-LA
		SautinSoft-HTML-to-RTF-.Net-LA
		SautinSoft-PDF-Focus-.Net-LA
		SautinSoft-PDF-Metamorphosis-.Net-LA
		SautinSoft-PDF-Vision-.Net-LA

	My Approved Licenses
		MS-SQL-Server-2017-SMO-License
		MS-VS-2015-SDK-License


Approve LTG updates? [Y/n]

After applying all of the updates you will be given the opportunity to review your changes.

Requirements

  • Java 1.8 or greater.
  • Nexus IQ 1.4x or greater.

Download

ltg-updater-1.0.2.jar (7.9 MB)

license_ltgs_04172020.csv (27.2 KB)

Help

For questions or help reply to this thread. Please do not submit company confidential information.

6 Likes
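
An added example, not part of the original post or the updater itself: a small audit of a captured updater session that lists the license reassignments landing in a custom LTG created with a threat level below the bracketed default, as in the '[10] 5' prompt above. It assumes the session was saved as text and that prompts and update statements look exactly like the sample lines in the post; the function names are made up for this example.

```python
import re

# Line formats as shown in the post's sample session (assumed stable across versions).
HEADER = re.compile(r"^Updating '(.+)':\s*$")
MOVE = re.compile(r"^\s+'(.+?)' : '(.+?)' -> '(.+?)'\s*$")
NEW_NAME = re.compile(r"^New LTG name: \[(.+?)\]\s*(.*)$")
NEW_LEVEL = re.compile(r"^New LTG threat level: \[(\d+)\]\s*(\d*)\s*$")

# Constructed transcript: the prompts and first update block are the post's
# sample lines; the second update block is made up for the example.
SAMPLE = """\
New LTG name: [Sandbox Organization Banned] 2019-09_license_update Banned
New LTG threat level: [10] 5
Updating 'SautinSoft-Document-.Net-LA':
\t'Internal Organization' : 'My Approved Licenses' -> 'My Approved Licenses'
\t'Sandbox Organization' : 'My Restricted Licenses' -> '2019-09_license_update Banned'
Updating 'SautinSoft-Excel-to-PDF-.Net-LA':
\t'Sandbox Organization' : 'My Restricted Licenses' -> '2019-09_license_update Banned'
"""

def parse_session(text):
    """Return (moves, lowered): reassignments and custom LTGs below default."""
    moves, lowered, license_, name = [], {}, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            license_ = m.group(1)
        elif (m := MOVE.match(line)) and license_:
            org, old, new = m.groups()
            if old != new:                      # skip no-op assignments
                moves.append((license_, org, old, new))
        elif m := NEW_NAME.match(line):
            name = m.group(2).strip() or m.group(1)   # empty input = default
        elif (m := NEW_LEVEL.match(line)) and name:
            default, chosen = int(m.group(1)), int(m.group(2) or m.group(1))
            if chosen < default:
                lowered[name] = (default, chosen)
            name = None
        elif line.strip():
            license_ = None                     # any other output ends a block
    return moves, lowered

def needs_review(text):
    """Moves that land in a custom LTG created with a lowered threat level."""
    moves, lowered = parse_session(text)
    return [(lic, org, new, *lowered[new]) for lic, org, _, new in moves
            if new in lowered]

print(needs_review(SAMPLE))
```

Each returned row is (license, organization, new LTG, default level, chosen level), which can go straight into a change record before answering the final approval prompt.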

Latest license information: license_threat_groups_20200715.csv (42.1 KB)

Latest license information: license_threat_groups_20200721.csv (42.1 KB)

Hi, would there be any impact on users?

How can we receive the latest license information from Sonatype?

@joshua.richards, the latest license categorizations are contained in the various CSV files attached to this topic. Is that what you are looking for?

p.s. I am seeing an issue with the attachment from 7/21. I am looking into that. In the meantime, you can use the 7/15 csv.

1 Like

license_ltgs_20200911.csv (42.1 KB)

This file should be accessible and contains the latest license to LTG mappings.

If you do run into issues with the updater feel free to comment here or reach out to me directly. More than happy to walk people through or debug any issues. Please don’t open a support ticket as this product is in labs and isn’t supported by our support staff.

We just tried updating our License Threat Groups. Unfortunately we encountered the following error:

$ java -jar ltg-updater-1.0.0.jar -s https://example-url.com -u admin-p password -i license_ltgs_04172020.csv -d -f

Add all unassigned licenses to LTGs in root organization? [Y/n]

Exception in thread "main" java.lang.NullPointerException
        at zz.ab.c(SourceFile:94)
        at com.sonatype.insight.brain.ltg.updater.c.b(SourceFile:173)
        at com.sonatype.insight.brain.ltg.updater.c.a(SourceFile:146)
        at com.sonatype.insight.brain.ltg.updater.c.a(SourceFile:87)
        at com.sonatype.insight.brain.ltg.updater.c.a(SourceFile:68)
        at com.sonatype.insight.brain.ltg.updater.Main.main(SourceFile:46)

Does this have to do with using HTTPS? We are using openjdk version 11.0.9.

Out of curiosity does your ROOT organization have zero LTGs?

Sorry for the late answer: No, it doesn’t. The ROOT organization has the usual LTGs (Banned, Weak Copyleft, … ) All LTGs in ROOT contain at least one license.

However, all organizations below ROOT do not have their own LTGs (they inherit all LTGs from ROOT).

Latest LTG mappings: ltgs_20210112.csv (42.4 KB)

Sorry for the delay in my response, my notification must have been buried. Would you be interested in meeting with me and going through your set up? I think I’m going to need to learn more before I can offer a solution or potential fix.

Sure, a meeting (per video …) would be a great idea! It would be best to connect with one of our devops engineers, therefore we need to schedule an appointment 1-2 days in advance. As we are located in Germany, we use CET.

Latest LTG mappings: license_threat_groups_20210526.csv (47.0 KB)

Latest LTG mappings:
license_threat_groups_20210726.csv (50.4 KB)

Hello,
May I know how to solve this null pointer exception?
Add all unassigned licenses to LTGs in root organization? [Y/n]

Exception in thread “main” java.lang.NullPointerException

Is the issue fixed?
We met the same issue.

Hi Dgriffin,

How could we fix this null pointer exception?
Could you provide us any support?

Hi all, there is an updated version of the LTG updater: ltg-updater-1.0.1.jar (7.6 MB)

Let me know if that resolves your issues, though likely if you are seeing NPE it could be the result of how you’ve configured your Lifecycle instance and I’d need to know more about your configuration to address the issue.

In addition to the latest LTG mappings: ltg_20211216.csv (50.8 KB)