Suggested Reading: What is a Scenario?
Sonatype NexusIQ Lifecycle is a commercial tool and therefore a valid license is necessary to activate its Scenario.
Tool Specific Permissions
You can use the ZeroNorth Scenario called nexusiq-default to orchestrate a composition analysis of your project or build artifact using your own Sonatype account. Composition analysis by Sonatype NexusIQ Lifecycle will identify use of open-source components that might introduce security risks to your application.
Obtaining your Sonatype Organization ID
To obtain your “Organization ID” needed for activating the Scenario:
- Sign in to your Sonatype account.
- Navigate to the “Organizations & Policies” section of the web UI.
- Your Organization ID is the right most portion of your URL.
See below illustration for an example:
Activate Sonatype NexusIQ Scenario
- Login to the web UI and then go to zn ADM > Scenarios .
- Locate “Sonatype” under Products .
- Click on +Add Scenario to the bottom right of the Product.
- Select Scenario Configuration “nexusiq-default”.
Items in bold are required.
- Name (see our Scenario Name Recommendations)
- Organization Id - see previous instructions for a detailed explanation on this
- API username - this is the login name for your Sonatype account
- API password - this is the password for your Sonatype account
- API URL - this is the URL you use to access your Sonatype account
Results
- Scenario will become available as a drop down when creating a Policy
- Scenario tile will change from “inactive” to “active”