Nexus IQ Server Release 170


Dariush Griffin

Dec 7, 2023, 4:54:00 PM
to clm-anno...@glists.sonatype.com

Hi all,


The latest version of Sonatype IQ Server, version 170, has been released and is freely available for download to all existing users.


We have made several database changes to complete our transition to the term Legacy Violations. This could cause longer-than-usual upgrade times of roughly an hour.


Improvements in this Release


Extended Docker Image Scanning Capabilities

This release contains improvements to the scanning process for Docker images. Users can now scan Docker images saved as .tar files that were converted from OCI (Open Container Initiative) images using Skopeo.


CycloneDX 1.5 Format is Fully Supported

This release fully supports CycloneDX schema version 1.5, the latest version of the format. We’ve updated the Third-Party Scan REST API, CycloneDX Application Analysis, and CycloneDX REST API to accept CycloneDX 1.5.


New Policy Violation REST API Query Parameters to Avoid OOM Errors

Users can use the new optional query parameters openTimeAfter and openTimeBefore on the Policy Violation REST API to filter the returned violations by a custom date range. Limiting the result set this way eliminates the possibility of out-of-memory errors or slow response times on Lifecycle instances holding multiple years of policy violation data.
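As an added example (not Sonatype's own code), the helper below shows one way a practitioner would put the two new parameters to work: instead of asking for several years of violations in a single request, it splits the range into calendar-month windows and builds one request per window, so no single response has to hold the whole history. It goes a little beyond the announcement, which only names the parameters. The endpoint path `/api/v2/policyViolations`, the `p` policy-id parameter and the UTC ISO-8601 timestamp format are assumptions taken from the IQ REST API documentation rather than from this message; check them against your server's docs before relying on the output.

```python
"""Window a multi-year Policy Violation REST API query into monthly ranges.

Added example, not Sonatype code. ASSUMPTIONS (not stated in the announcement):
  - endpoint path is /api/v2/policyViolations
  - policy ids are passed as repeated `p` parameters
  - openTimeAfter / openTimeBefore take UTC ISO-8601 timestamps
"""
import base64
import json
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlencode


def iso_utc(dt: datetime) -> str:
    """Render an aware datetime as a UTC ISO-8601 string (assumed format)."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def month_windows(start: datetime, end: datetime):
    """Yield (after, before) pairs that tile [start, end) on calendar-month
    boundaries. The first window may start mid-month; the last may end early."""
    cur = start
    while cur < end:
        if cur.month == 12:
            nxt = cur.replace(year=cur.year + 1, month=1, day=1)
        else:
            nxt = cur.replace(month=cur.month + 1, day=1)
        nxt = min(nxt, end)
        yield cur, nxt
        cur = nxt


def violation_urls(base_url: str, policy_ids, start: datetime, end: datetime):
    """Build one Policy Violation REST API URL per monthly window.

    Each URL carries the policy ids plus openTimeAfter/openTimeBefore, so every
    request covers at most one month of data instead of the full history.
    """
    urls = []
    for after, before in month_windows(start, end):
        params = [("p", pid) for pid in policy_ids]
        params += [("openTimeAfter", iso_utc(after)),
                   ("openTimeBefore", iso_utc(before))]
        urls.append(f"{base_url.rstrip('/')}/api/v2/policyViolations?{urlencode(params)}")
    return urls


def fetch_windows(base_url, policy_ids, start, end, username, password, timeout=60):
    """Issue the windowed requests sequentially with HTTP basic auth and return
    the decoded JSON body of each window as a list (caller merges as needed).
    Not exercised offline; shown for completeness."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    bodies = []
    for url in violation_urls(base_url, policy_ids, start, end):
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            bodies.append(json.load(resp))
    return bodies


if __name__ == "__main__":
    # Constructed sample: three years of history split into monthly requests.
    start = datetime(2021, 1, 1, tzinfo=timezone.utc)
    end = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for u in violation_urls("https://iq.example.internal", ["POLICY-ID-PLACEHOLDER"], start, end)[:2]:
        print(u)
```

The same windowing works with any other granularity (weekly, quarterly); the point is that the windows abut exactly (each `before` is the next `after`) so that no violation is double-counted or skipped at the seams.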


Active Waivers Indicator

This release contains an enhancement to the “Waiver” workflows. When the improved Application Composition Report is toggled to Aggregate by Component mode, it shows waived policy violations that were hidden in previous versions. It also shows the total number of violations that were being actively waived at the time of the scan.


Advanced Search Improvements

Users can now narrow down their search for components or vulnerabilities by organization. The Advanced Search feature in this release has been enhanced to fine-tune the search by allowing users to include organizationName or organizationID in their search query.

This will require running the Re-Index before first use. Refer to Performing a Search for more details.


Notable Bug Fixes


This release contains fixes for:


  1. Error loading large reports in Lifecycle

  2. Poetry.lock scan when no further dependencies were found

  3. Third Party Scan REST API generating empty scan reports when the id field for vulnerability objects exceeded 20

  4. Prolonged startup times for IQ HA (High Availability) pods containing terabytes of data


For more detailed information on release 170 and tracking resolved issues, please refer to the release notes.


Thank you,

Dariush Griffin

Sonatype Lifecycle - Product Manager


--

Dariush Griffin

Senior Product Manager
Mobile: 512.299.0429

