Integrate Sonatype Nexus IQ with Vulnetix. Use the Nexus IQ CLI to scan components and export findings in SARIF or CycloneDX format for upload to Vulnetix.
SaaS platform | SARIF | CycloneDX | SPDX | JSON
Run Sonatype Nexus IQ in CI
Scan on every push and upload the results to Vulnetix:
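- name: Setup Java
  uses: actions/setup-java@v4
  with:
    java-version: '17'
    distribution: 'temurin'
- name: Download Nexus IQ CLI
  # -f makes curl fail on an HTTP error instead of saving the error page as the jar
  run: curl -fL https://download.sonatype.com/clm/scanner/nexus-iq-cli.jar -o nexus-iq-cli.jar
- name: Run Nexus IQ scan
  # -i is the application ID; -a is the IQ Server credential (user:password)
  run: |
    java -jar nexus-iq-cli.jar -s "$IQ_SERVER_URL" -i "$APP_ID" -a "$IQ_AUTH" .
  env:
    IQ_SERVER_URL: ${{ secrets.IQ_SERVER_URL }}
    APP_ID: ${{ secrets.NEXUS_APP_ID }}
    IQ_AUTH: ${{ secrets.NEXUS_IQ_AUTH }}  # assumed secret name, not in the original snippet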
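The download step above executes whatever jar the URL returns, on a runner that holds the IQ Server secrets. As an added example (not from the original page, Sonatype or Vulnetix), this shell helper pins the jar to a SHA-256 digest and is meant to run before the scan step; the function names and the IQ_CLI_SHA256 variable are assumptions, and the pinned digest must come from a copy of the jar you have vetted.

```shell
#!/bin/sh
# Added example: refuse to run the Nexus IQ CLI jar unless it matches a pinned digest.
# Intended use in the workflow, before the scan step (IQ_CLI_SHA256 is an assumed variable):
#   verify_jar nexus-iq-cli.jar "$IQ_CLI_SHA256" || exit 1

# Print the lowercase SHA-256 of a file with whichever tool the runner provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_jar FILE EXPECTED_SHA256
# Returns 0 on match, 1 on digest mismatch, 2 if the file is missing or empty,
# 3 if the pinned value is not a 64-character hex string.
verify_jar() {
  vj_file="$1"
  vj_expected="$2"
  if [ ! -s "$vj_file" ]; then
    echo "verify_jar: $vj_file is missing or empty" >&2
    return 2
  fi
  case "$vj_expected" in
    *[!0-9a-fA-F]*)
      echo "verify_jar: pinned digest is not hex" >&2
      return 3 ;;
  esac
  if [ "${#vj_expected}" -ne 64 ]; then
    echo "verify_jar: pinned digest must be 64 hex characters" >&2
    return 3
  fi
  # Normalise case so an upper-case pin still compares equal.
  vj_expected="$(printf '%s' "$vj_expected" | tr 'A-F' 'a-f')"
  vj_actual="$(sha256_of "$vj_file")"
  if [ "$vj_actual" != "$vj_expected" ]; then
    echo "verify_jar: digest mismatch for $vj_file" >&2
    echo "  expected $vj_expected" >&2
    echo "  actual   $vj_actual" >&2
    return 1
  fi
  return 0
}
```

A mismatch means the published jar changed since it was pinned; review the new release and update the pin rather than bypassing the check.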
Centralise Sonatype Nexus IQ results in Vulnetix
Upload Sonatype Nexus IQ output in SARIF, CycloneDX, SPDX or JSON format to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.