This repository contains a script that checks whether open source components (artifacts) are stored in your hosted repositories. The generated file can then be used to evaluate the components using the Nexus Platform.
- Python3
- GoLang
- NXRM3 OSS or PRO
- Local build of Sonatype Hashbrowns.
Hashbrowns is a utility for scanning sha1 sums with Sonatype's Nexus IQ Server.
- Large registries with NX3 might cause an orient error. If you run into this, contact your Sonatype CS for help.
Download and build Sonatype Hashbrowns from source - https://github.com/sonatype-nexus-community/hashbrowns
git clone https://github.com/sonatype-nexus-community/hashbrowns.git
cd hashbrowns
make
If make causes this error:
xcrun error: invalid active developer path...
missing xcrun at: ...
Run: xcode-select --install
You'll need to modify the script to include:
- Auth creds or tokens from your NXRM (USER and TOKEN)
- URL to your Nexus (REPO_HOSTNAME)
- Hosted Repository to evaluate (REPO)
You'll find examples of all of these in the script.
python3 -m venv venv
Activate the virtual environment in your terminal or by using your favorite IDE, with the command for your shell:
- Windows: venv\Scripts\activate.bat
- bash/zsh: source venv/bin/activate
- fish: source venv/bin/activate.fish
pip install -r requirements.txt
If this fails, make sure pip is up to date: pip install --upgrade pip
To run the script, type the following. The results are redirected to the file specified.
python3 ./hashbrowns-order.py > hashbrowns-order.txt
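The enumeration step a script like this performs, as an added example (not the repository's hashbrowns-order.py): it pages through the NXRM3 components REST API and emits one line per asset that carries a SHA-1. The `sha1  path` output layout and the sample repository data are assumptions, and the helper names are hypothetical; the `repo_hostname`, `user`, `token` and `repo` parameters mirror the REPO_HOSTNAME, USER, TOKEN and REPO settings named above.

```python
import base64
import json
import re
import urllib.parse
import urllib.request

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

def http_fetcher(repo_hostname, user, token):
    """Build a fetch(repo, continuation) callable for the NXRM3 components REST API."""
    auth = base64.b64encode(f"{user}:{token}".encode()).decode()
    def fetch(repo, continuation=None):
        query = {"repository": repo}
        if continuation:
            query["continuationToken"] = continuation
        url = f"{repo_hostname}/service/rest/v1/components?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def sha1_lines(fetch, repo):
    """Yield one 'sha1  path' line per asset (assumed layout, as printed by sha1sum)."""
    continuation, seen = None, set()
    while True:
        page = fetch(repo, continuation)
        for component in page.get("items", []):
            for asset in component.get("assets", []):
                sha1 = ((asset.get("checksum") or {}).get("sha1") or "").lower()
                if not SHA1_RE.match(sha1) or sha1 in seen:
                    continue  # no usable SHA-1 on this asset, or hash already listed
                seen.add(sha1)
                yield f"{sha1}  {asset['path']}"
        continuation = page.get("continuationToken")
        if not continuation:
            break  # the last page carries no continuation token

# Constructed two-page response standing in for a live server (not real data).
SAMPLE_PAGES = {
    None: {"continuationToken": "p2", "items": [{"assets": [
        {"path": "org/example/app/1.0/app-1.0.jar", "checksum": {"sha1": "a" * 40}},
        {"path": "org/example/app/1.0/app-1.0.pom", "checksum": {}}]}]},
    "p2": {"continuationToken": None, "items": [{"assets": [
        {"path": "org/example/lib/2.1/lib-2.1.jar", "checksum": {"sha1": "B" * 40}},
        {"path": "mirror/lib-2.1.jar", "checksum": {"sha1": "b" * 40}}]}]},
}

def sample_fetch(repo, continuation=None):
    return SAMPLE_PAGES[continuation]
```

Against a live server, pass `http_fetcher(REPO_HOSTNAME, USER, TOKEN)` in place of `sample_fetch` and write the yielded lines to hashbrowns-order.txt.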
- The application ID must exist in the IQ server before running the following.
cd <hashbrowns directory>
./hashbrowns fry --application hosted-nxrm --token 'Nexus!23' --server-url "http://localhost:8070" --user "admin" --stage stage-release --path <path>/hashbrowns-order.txt
The report URL is printed after the report runs. Prepend the IQ server hostname and port to the report URL.
- The report will list public open source components found in the hosted repositories. These components should be removed from the hosted repositories and served by proxy repositories.