Hi all,
The latest version of Sonatype IQ Server, version 171, has been released and is freely available for download for all existing users.
Our first release of the New Year offers users new ways to assess the impact of using open-source software components, including the rapidly growing use of AI/ML components.
The new interactive visualizations under Integrated Enterprise Reporting offer insights into the effectiveness of Sonatype Lifecycle, giving you the finest and most up-to-date component intelligence. This feature is available from the left navigation bar of Lifecycle, under Data Insights. It covers:
Open-source AI/ML component usage in applications
As a step forward in achieving observability for AI/ML components, this dashboard displays the consumption patterns of open-source AI/ML components in applications. Users can apply dashboard filters to view AI/ML components based on the type of ML framework or model the component works with.
For large enterprise AI/ML initiatives, this data can be used to create governance policies for responsible adoption of AI.
Component End-of-Life
This dashboard displays a list of applications and the corresponding end-of-life (EOL) components detected by Lifecycle. Based on this data, you can strategically plan to retire old OSS components and migrate to the latest supported ones.
Rolling Recap for the last 365 days
Users can view the current vulnerability risk associated with their applications, the tech-stack diversity (the components from the various ecosystems found and analyzed by Lifecycle), and the efficiency of their teams in fixing the top vulnerabilities.
Key Performance Metrics for Sonatype Repository Firewall
Using the GET method of the Firewall REST API, users can retrieve the exact number of safe component versions automatically selected by Firewall, the number of components auto-released, the number of namespace attacks blocked, the number of supply chains blocked, and the number of components waived and quarantined.
Other Improvements in this Release
Customize Policies at the Repository Level
Users can now set a customized policy for each repository under Repository Managers, allowing more granular control in multi-tenant or multi-organization environments.
Scan SBOMs without pURL
We have enhanced the Third-Party Scan REST API to identify components even when no package URL (pURL) is specified, or the pURL is unidentifiable, in an SBOM.
Searching on Orgs using Advanced Search
Advanced Search will now retrieve all child organizations in the hierarchy when searching on organizations.
Project Dependency Detection for Maven
The Sonatype IQ CLI scanner can now be configured to scan only the project dependencies section of Maven POM files.
Notable Bug Fixes:
This release fixes an issue that prevented identification of licenses in a CycloneDX SBOM when they were specified in the expression field.
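To make the two items above concrete, here is an added illustration (not Sonatype code, and not how IQ Server is implemented) of the two CycloneDX license forms a scanner must read, the `license` object and the SPDX `expression` field, and of identifying a component by its coordinates when no pURL is present. The SBOM content is constructed for the example.

```python
import json

# Constructed CycloneDX 1.4-style SBOM (sample data, not from any real scan):
# one component uses the `license` object form, one uses the SPDX `expression`
# form, and one carries no purl at all (only group/name/version).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.0",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "licenses": [{"expression": "(MIT OR Apache-2.0)"}]},
        {"type": "library", "group": "com.example", "name": "internal-utils",
         "version": "1.0.0",
         "licenses": [{"license": {"name": "Proprietary"}}]},
    ],
})

def license_strings(component):
    """Return every license declared on a component, reading both the
    `license` object form (id or name) and the SPDX `expression` form.
    A reader that only handles the first branch silently drops expressions,
    which is the kind of gap the bug fix above describes."""
    found = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            found.append(entry["expression"])
        elif "license" in entry:
            lic = entry["license"]
            found.append(lic.get("id") or lic.get("name") or "UNKNOWN")
    return found

def component_key(component):
    """Identify a component by purl when present; otherwise fall back to
    group/name/version coordinates so purl-less entries are not skipped."""
    if component.get("purl"):
        return component["purl"]
    coords = [component.get("group"), component.get("name"), component.get("version")]
    return "/".join(part for part in coords if part)

def inventory(sbom_json):
    """Map each component key to its declared licenses; a component with no
    license entries maps to an empty list so the gap stays visible."""
    bom = json.loads(sbom_json)
    return {component_key(c): license_strings(c) for c in bom.get("components", [])}

if __name__ == "__main__":
    for key, lics in inventory(SAMPLE_SBOM).items():
        print(key, lics)
```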
For more detailed information on release 171 and tracking resolved issues, please refer to the release notes.
Thank you,
Dariush Griffin
Sonatype Lifecycle - Product Manager