A plugin for integrating Nexus Repository Manager and Nexus Lifecycle into a Jenkins job. Information about using the plugin can be found in Nexus Platform Plugin for Jenkins.
Please use the links below to find information about using the plugin with your desired software.
- Added scanning and application/package analysis support for Conan using a conaninfo.txt file (in addition to the files conanfile.txt and conanfile.py).
- Added scanning and application/package analysis support for Golang using a go.list file (in addition to the file go.sum).
- Added scanning and application/package analysis support for the following ecosystems:
  - Alpine
  - Conda
  - Debian
  - Drupal
  - R (Cran)
  - Rust (Cargo)
  - Swift (Cocoapods)
  - Yum
- Use policy violation counts instead of component counts in the policy evaluation summary
- Fixed an issue with y-axis labels on the new trend graph
- Fix to ensure that all Nexus IQ for SCM logging goes to the build log instead of the server log
- Fix additional marshalling issue with new trend graph
- Fix marshalling issue with new trend graph
- Fix issue with y-axis number on new trend graph
- Add Nexus IQ Build Report which shows details for warn/fail vulnerabilities
- Support slave nodes for automatic repository URL discovery for usage with Nexus IQ for SCM
- Add trend graph to a Pipeline, which depicts the information about the last 5 builds with critical, severe and moderate violation numbers
- Support to scan and evaluate Clair identified container dependencies
- Support to scan and evaluate identified dependencies from a CycloneDX SBOM file
- Support for automatically deducing the repository URL for usage with Nexus IQ for SCM
- Support for automatically deducing git commit hash for usage with Nexus IQ for SCM
- Nexus IQ 1.69 or newer is a required upgrade to use the Nexus Platform Plugin
- Support for Scanning Go Modules
- Mitigate IQ Server Client Timeouts
- Add messages about Nexus Vulnerability Scanner to the plugin
- Add ability to provide custom/advanced properties to IQ scanner
- Fix for environmental variables not getting resolved in the tags field
- Support for Java 12 IQ evaluations
- Support for Scanning Python Wheel Packages
- Support for Java 10, 11 IQ evaluations
- Support for Python coordinate detection via requirements.txt files
- Support for multiple policy evaluations per Jenkins job
- Added application name and IQ stage to the entries in the build results
- Renamed the "Application Composition Report" to "Nexus IQ Policy Evaluation"
- [Fixed] Could not connect to Nexus Repository servers exposed over HTTPS
- [Fixed] Proxy settings were not respected when verifying connection to Nexus Repository
- [Fixed] IQ application list incorrect for jobs configured to use job specific credentials
- [Fixed] Environment variables weren't expanded for manual application IDs
- [Fixed] When configuring the 'Invoke Nexus Policy Evaluation' build step, the 'module excludes' field is not persisted on save.
- [Fixed] Jenkins Platform Plugin unable to determine Nexus Repository Manager version using Server URL with trailing slash
- [Fixed] Jenkins plugin fails requests when Nexus is not at base context path
- Add link to plugin documentation for NXRM3 to readme
- The plugin will now emit a warning when the scanner encounters an invalid JAR file: "[WARN] Could not open some.jar as an archive. Will scan it as regular file."
- Nexus IQ 1.50 or newer is a required upgrade to use the Nexus Platform Plugin
- Support for Nexus IQ Policy Violation Grandfathering.
- Fixed snippet generation.
- New build step available for tag association
- Move components using NXRM3 search criteria from Pipeline
- Added support of Nexus Repository Manager 3.13.0-01 servers for Maven component uploads, and new staging features (for Pro versions): tags, move, and delete. Please see Nexus Platform Plugin for Jenkins for more details.
- Fixes for recording of component occurrences
- Log additions for automatic application creation
- UI fixes for chiclet style on older versions of Jenkins
- Nexus IQ 1.47 or newer is a required upgrade to use the Nexus Platform Plugin
- Support for Nexus IQ automatic application creation
- Pipeline jobs using the plugin will now fail during execution if a policy action is set to fail the build. Previously, the plugin set the build result to failure but allowed the build to continue. This adopts standard practice for Jenkins pipeline plugins and gives more visibility into what has failed and why. Pipelines that require continuation of the build will have to surround the plugin step with try/catch; the evaluation information is now wrapped in the exception argument.
- The pipeline step has always returned a model for the evaluation containing information about the results. The ApplicationPolicyEvaluation will no longer include a boolean for reevaluation, so calls to get or set it will fail. The Jenkins pipeline has never supported reevaluation and this boolean has always returned false. For simplification, it has been removed.
- Module.xml evaluation support. The Nexus Platform Plugin for Jenkins now supports policy evaluations against results generated by the clm-maven-plugin index goal. The new plugin will scan module.xml files available in '/sonatype-clm/module.xml', '/nexus-iq/module.xml' and will support module exclude patterns to exclude these files if desired.
- Fix for directory structure of JavaScript files scanned by the plugin
- No longer requires optional parameters to be declared in declarative pipelines
- All users can now select credentials for jobs as long as they have the appropriate permissions to configure the job and view the credentials
- Whitelist updates to support JEP-200
- Support for Java 9 IQ evaluations
- Update upstream dependencies to consume latest IQ server Application Evaluation result
- Fix for throwing serializable exception upon client exception
- Support for Docker image evaluations
- Support for credentials in Folder stores
- Support for Certificate credentials through the Credentials Plugin
- Support for Nexus Publish when remote agent is used for build.
- Fix for connection pool saturation when publishing many components.
- Initial release to the Jenkins Update Center.
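
The try/catch handling described in the release note on failing pipeline jobs, as an added example that is not taken from this page or from the plugin's own code. The step name `nexusPolicyEvaluation`, its `iqApplication` and `iqStage` parameters, the `policyEvaluation` property on the exception and `applicationCompositionReportUrl` are assumptions based on the plugin's public pipeline syntax; `sample-app` and the stage names are placeholders.

```groovy
// Added example (scripted Pipeline). Identifiers not shown on this page are
// assumptions: nexusPolicyEvaluation, iqApplication, iqStage,
// err.policyEvaluation and applicationCompositionReportUrl.
node {
    stage('Build') {
        sh 'mvn -B clean package'
    }

    stage('Policy evaluation') {
        try {
            // The step returns the evaluation model when no policy action fails the build.
            def evaluation = nexusPolicyEvaluation iqApplication: 'sample-app', iqStage: 'build'
            echo "Policy evaluation passed: ${evaluation.applicationCompositionReportUrl}"
        } catch (err) {
            // On a policy failure the evaluation is carried by the exception.
            // For any other error (network, credentials) this property access
            // itself raises an error, so the build still fails instead of
            // silently continuing without an evaluation.
            def evaluation = err.policyEvaluation
            echo "Policy violations reported: ${evaluation.applicationCompositionReportUrl}"

            // Keep the violation visible in the build result while letting
            // later stages run.
            currentBuild.result = 'UNSTABLE'
        }
    }

    stage('Archive') {
        // Runs even when the policy evaluation reported a failing action.
        archiveArtifacts artifacts: 'target/*.jar', fingerprint: true
    }
}
```

Marking the build unstable rather than successful keeps the policy failure visible to anyone gating a release on the build result.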
Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
This program is licensed to you under the Apache License Version 2.0,
and you may not use this file except in compliance with the Apache License Version 2.0.
You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing,
software distributed under the Apache License Version 2.0 is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.