Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
...
Configure Project for Nexus IQ (CLM) Analysis
The Nexus IQ system analyzes project for supports component lifecycle management (CLM) issues and reports the results to , which mostly means analyzing third-party libraries used by the project and reporting any issues with those dependencies such as known security vulnerabilities. The results are published at https://nexus-iq.wl.linuxfoundation.org/assets/index.html.
Configure Java/Maven Project for Nexus IQ (CLM)
No special project configuration is required.
Ensure the jenkins job template 'gerrit-maven-clm' is configured to define the required job. The job runs weekly, or on demand in response to posted comment "run-clm".
Configure Python/Tox Project for Nexus IQ (CLM)
The Python project must be configured to report its package dependencies for analysis by the Nexus IQ scanner. Add a new environment to the tox.ini file called "clm" with the following content.:
[testenv:clm] # use pip to report dependencies with versions whitelist_externals = sh commands = sh -c 'pip freeze > requirements.txt' |
Then ensure Ensure the jenkins job template 'gerrit-tox-nexus-iq-clm' is configured to define the required job. The job runs weekly, or on demand in response to posted comment "run-clm".
...