Nexus IQ Server Release 152


Mandeep Singh

Jan 12, 2023, 4:11:41 PM
to clm-anno...@glists.sonatype.com

Hi!


The latest version of Nexus IQ Server version 152 has been released and is freely available for download for all existing users.


With this first release of 2023, we introduce 2 new experimental features.

  1. Custom security vulnerability groups: 

This release offers users the ability to organize security vulnerabilities into custom group names. These groups can be utilized as a policy constraint to create policies targeted at specific classes of vulnerabilities. For instance, users can create a “must fix” or “easy to remediate” group to aid in prioritization, remediation, and risk management. 


  2. Call flow analysis for Maven components using Nexus IQ CLI

The Nexus IQ CLI now includes two new flags that will enable call flow analysis for Maven applications. Call flow analysis identifies components with vulnerabilities that are reachable from your code and are potentially more susceptible to exploitation. This should help individuals prioritize their remediation efforts.



Some improvements include:

  • Redesigned updated views for Firewall Repository Results and Firewall Component Details. This update delivers meaningful insights into violation counts, component identification, and quarantined components with improved filtering, pagination, and UI

  • A new policy condition to check whether a component has undergone Fast Track or Deep Dive research

  • Signed Nexus IQ docker image, now available to inspect at the docker hub

  • Repository waivers can be viewed on the Nexus Lifecycle dashboard

  • Improved Performance of Repository Results view in terms of load time for larger repos

  • Ability to ‘waive all versions’ of a component for 'root org'. This means a waiver applied to one version of a component will now apply to all future versions of that component

  • Setting environment variables for Nexus Container scanning is now optional

  • purgeScanFiles property of Configuration REST API - v2 can be used to configure retention of older scan files

  • automaticQuarantineReleaseTimeIntervalInMinutes property of Configuration REST API - v2 can be used to configure the schedule to run Automatic Quarantine Release


For more detailed information on release 152, please refer to the release notes.


Thank you,


--

Mandeep Singh

Product Manager
