Hi all,
My apologies for the late notice as we released this last week, but the latest version of Sonatype IQ Server version 166 is freely available for download for all existing users.
What’s New in Sonatype IQ Server Release 166?
SPDX SBOM Analysis
Continuing our initiative to support SBOMs in SPDX® 2.3 format in Sonatype Lifecycle, we are excited to offer the capability to analyze SPDX SBOMs. The SPDX integration provides native component identification for many languages and formats. Users can also upload SPDX SBOMs (in XML or JSON file format) directly, using the Third-Party Scan REST API, for scanning and analysis.
Improving Our Existing Features
This release covers significant enhancements based on valuable customer feedback and our commitment to continuous improvement.
IQ Server HA (High Availability) deployments can be auto-scaled
For production environments with varying load (e.g., demand that varies with service hours), users can now use the native Kubernetes HorizontalPodAutoscaler feature, which deploys more pods in response to increased load and scales back to the configured minimum (2 pods) when the workload decreases. Auto-scaling is disabled by default. Users can set the CPU and/or memory utilization limits in the IQ Server HA helm chart to enable auto-scaling.
Staying current with Python analysis
To align with the format changes to the poetry.lock file from version 1.5.1 onwards, we have improved Python Application Analysis in this release. Sonatype Lifecycle will now automatically exclude devDependencies for Poetry versions 1.5.1 and higher, provided that pyproject.toml exists and is discoverable.
Easy discovery of violations, components, applications, and waivers
The dashboard now offers a wider view (no longer limited to the first 100 results) of violations, components, applications and waivers. Users have the flexibility to customize the dashboard by using the filter option.
Improved next step when a vulnerability is remediated
We have revised the error message that was shown when a previously reported policy violation no longer exists (because the vulnerability has been remediated). The revised error message indicates the updated vulnerability status and prompts the user to run a new scan to detect the latest violations.
Notable Bug Fixes
Fix for SCM Bulk Import
Client-side Timeouts Due to Slow Response Times
Inconsistency in Waiver Visibility
Fix for Clair and Conda Application Analysis
Error in Integrating IQ Server with Firewall for Artifactory
Fix for Policy Violation REST API
Line Comment Links in Bitbucket PRs
For more detailed information on release 166, please refer to the release notes.
Thank you,
Dariush Griffin
Sonatype Lifecycle - Product Manager