Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality.
Customers using Nexus Lifecycle (formerly CLM) want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from our customers, we have introduced Nexus Lifecycle integration with SonarQube.
Figure 1. SonarQube widget example highlights open source policy violations that require attention. Drill down reports with with detailed analysis are accessible directly from this widget.
This integration will allow you to access summary-level Nexus Lifecycle information for your applications, as well as link to Nexus Lifecycle Application Composition Reports directly from your SonarQube projects.
Figure 2. Nexus Lifecycle Application Composition Reports offer detailed analysis of license and security issues down to the individual components and risks.
If you are already using SonarQube, you know first hand the impact that principles such as the 7 Axes of Code Quality can have on the applications and projects your teams create. Paralleling this, as a user of Nexus Lifecycle you also know how using good components is a critical and essential part of developing quality applications. Nexus Lifecycle for SonarQube brings both of these together.
THE SOFTWARE: For Nexus Lifecycle users needing access to the 1.11 release, it can be found on our KnowledgeBase here.
THE INTEGRATION: For Nexus Lifecycle users looking for more information on the SonarQube integration, you can quickly get up-and-running with our online guides here.
Finally, if you are looking for information on how Nexus Lifecycle integrates into your complete development environment, here are some links that you might find helpful:
Integration with continuous integration servers (e.g., Hudson/Jenkins),
Integration integrates with IDEs (e.g., Eclipse)
Integration integrates with repository management (e.g., Nexus)
Integration integrates with build managers (e.g., Maven)
Latest posts by Brian Fox (see all)
- Java AutoModules Considered Bad for Your Health - January 23, 2017
- Did you wake up to an alert about the Java Deserialization vulnerability? - November 13, 2015
- Software Supply Chain Management: Lessons from other Industries [VIDEO] - July 29, 2015
- Nexus Lifecycle 1.15 Release - June 15, 2015
- Integrating SonarQube with Nexus Lifecycle - June 4, 2015