Integrating SonarQube with Nexus Lifecycle

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality.

Customers using Nexus Lifecycle (formerly CLM) want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from our customers, we have introduced Nexus Lifecycle integration with SonarQube.

Figure 1. SonarQube widget example highlights open source policy violations that require attention. Drill-down reports with detailed analysis are accessible directly from this widget.

This integration will allow you to access summary-level Nexus Lifecycle information for your applications, as well as link to Nexus Lifecycle Application Composition Reports directly from your SonarQube projects.

Figure 2. Nexus Lifecycle Application Composition Reports offer detailed analysis of license and security issues down to the individual components and risks.

If you are already using SonarQube, you know firsthand the impact that principles such as the 7 Axes of Code Quality can have on the applications and projects your teams create. In parallel, as a user of Nexus Lifecycle, you also know that using good components is a critical and essential part of developing quality applications. Nexus Lifecycle for SonarQube brings both of these together.

  1. THE SOFTWARE: For Nexus Lifecycle users needing access to the 1.11 release, it can be found on our KnowledgeBase here.

  2. THE INTEGRATION: For Nexus Lifecycle users looking for more information on the SonarQube integration, you can quickly get up-and-running with our online guides here.

  3. LEARN MORE: Want to learn more about SonarQube? Here is an informative article I found from Nadeem Mohammad.

Finally, if you are looking for information on how Nexus Lifecycle integrates into your complete development environment, here are some links that you might find helpful:

Brian Fox

Brian is Chief Technical Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 15 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.
