NexusIQ security in SDLC
Managing numerous applications can be challenging, especially when it comes to organizing them for better management and policy enforcement. To tackle this issue, we have created a Python script that interacts with the NexusIQ API to automate the process of updating application categories, aligning with DevSecOps principles to integrate security into the deployment lifecycle.
What are Application Categories?
Application Categories help differentiate applications based on their intended environments or risk profiles. For example, high-risk applications may require stricter security measures, while lower-risk ones can follow standard protocols. This differentiation is essential for creating targeted policies (see official documentation).
What are the benefits?
The main goal is to ensure that all applications within the Nexus IQ Server are properly categorized. Categorizing applications is important for several reasons:
- Organization: It helps manage applications more efficiently.
- Reporting: Categories enable better reporting and analytics, making it easier to track and monitor applications.
- Policy Enforcement: Categories can be used to apply specific policies or rules within the Nexus IQ Server, ensuring compliance with DevSecOps best practices.
- Automation: Automating the categorization process reduces manual effort and ensures consistency.
Handling Uncategorized Applications
It's important to note that some applications are not categorized for various reasons, including:
- Lack of Information: Some applications may not have enough metadata to determine an appropriate category.
- New Applications: Newly added applications might not have been categorized yet.
- Human Error: Manual processes may have resulted in some applications being overlooked.
By identifying and updating these uncategorized applications, we ensure that all applications are properly managed and categorized.
Steps
1. Get all applications
import requests
from requests import Response, Session

APPLICATIONS = 'applications'  # endpoint path segment; value assumed from the PUT URL used in step 3

def get_applications(url: str, credentials: tuple) -> dict:
    # The page's get_with_retry helper is not shown, so plain requests.get with a status check is used here.
    # credentials is a (username, password) tuple for HTTP basic auth.
    response: Response = requests.get(f'{url}/api/v2/{APPLICATIONS}', auth=credentials)
    response.raise_for_status()
    data: dict = response.json()  # {'applications': [...]}
    return data
2. Filter for uncategorized applications
def get_uncategorized_applications(url: str, credentials: tuple) -> list:
    data: list = []
    applications: dict = get_applications(url=url, credentials=credentials)
    key_to_replace = "categories"
    for app in applications['applications']:
        app_category = app['categories']
        if app_category:
            continue  # already categorized, leave the existing decision alone
        identified_apps = _update_dict(app, key_to_replace)
        data.append(identified_apps)
    return data

def _update_dict(dictionary: dict, key: str) -> dict:
    # Return a copy of the application record with the 'categories' field removed
    # and the target tag attached in the shape the PUT endpoint expects.
    _dict = dictionary.copy()
    _dict.pop(key, None)
    _dict.update({'applicationTags': [{"tagId": "xxxxxxxxxxxxxxxxxxxxx"}]})  # tagId == Distributed (placeholder id)
    return _dict
3. Update applications
def update_applications(url: str, credentials: tuple) -> Response | None:
    app_data = get_uncategorized_applications(url=url, credentials=credentials)
    session = Session()
    headers = {'content-type': 'application/json'}
    response: Response | None = None  # stays None when nothing needs updating
    for data in app_data:
        app_id = data['id']  # avoid shadowing the builtin id()
        name = data['name']
        print("Updating the following app: ", name)
        response = session.put(url=f'{url}/api/v2/applications/{app_id}', json=data, headers=headers, auth=credentials)
        print(response)
    return response  # last response sent, or None
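The three steps above assign one hard-coded tag to every uncategorized application. As an added example (not the author's script), the version below separates planning from applying: the tag is chosen per organization, anything it cannot place gets a "needs review" tag instead of silently inheriting a possibly lax default policy, credentials come from the environment, and a dry run shows the changes before any PUT is sent. The 'organizationId' field, the tag ids and the sample payload are constructed assumptions.

```python
import os
from typing import Optional
from requests import Session

# Constructed sample of what GET /api/v2/applications returns, following the
# field names used above ('id', 'name', 'categories'); 'organizationId' is assumed.
SAMPLE_APPLICATIONS = {'applications': [
    {'id': 'a1', 'name': 'payments-api', 'organizationId': 'org-prod', 'categories': []},
    {'id': 'a2', 'name': 'intranet-wiki', 'organizationId': 'org-internal', 'categories': []},
    {'id': 'a3', 'name': 'mobile-app', 'organizationId': 'org-prod',
     'categories': [{'id': 'tag-distributed'}]},
    {'id': 'a4', 'name': 'legacy-tool', 'organizationId': 'org-unknown', 'categories': []},
]}

# Placeholder tag ids (real ids come from the IQ server). Unknown organizations get
# a "needs review" tag so an uncategorized app never silently inherits a lax policy.
ORG_TO_TAG = {'org-prod': 'tag-distributed', 'org-internal': 'tag-internal'}
REVIEW_TAG = 'tag-needs-review'

def plan_updates(payload: dict, org_to_tag: dict, review_tag: str) -> list:
    """Return PUT bodies for every application that has no category."""
    plans = []
    for app in payload['applications']:
        if app.get('categories'):
            continue  # already categorized: leave the existing decision alone
        body = {k: v for k, v in app.items() if k != 'categories'}
        tag_id = org_to_tag.get(app.get('organizationId'), review_tag)
        body['applicationTags'] = [{'tagId': tag_id}]
        plans.append(body)
    return plans

def apply_updates(url: str, plans: list, dry_run: bool = True,
                  session: Optional[Session] = None) -> list:
    """PUT each planned body; with dry_run=True only report what would change."""
    results = []
    session = session or Session()
    # Credentials are read from the environment rather than hard-coded in the script.
    auth = (os.environ.get('IQ_USER', ''), os.environ.get('IQ_PASSWORD', ''))
    for body in plans:
        tag = body['applicationTags'][0]['tagId']
        if dry_run:
            results.append((body['id'], tag, 'dry-run'))
            continue
        resp = session.put(f"{url}/api/v2/applications/{body['id']}", json=body, auth=auth)
        results.append((body['id'], tag, resp.status_code))
    return results

if __name__ == '__main__':
    plans = plan_updates(SAMPLE_APPLICATIONS, ORG_TO_TAG, REVIEW_TAG)
    for app_id, tag, status in apply_updates('https://iq.example', plans):
        print(app_id, tag, status)
```

Review the dry-run output (especially anything tagged for review) before calling apply_updates with dry_run=False.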

Conclusion
Updating application categories is crucial for maintaining a well-organized application inventory within Nexus IQ. This practice not only reduces manual effort and ensures consistency but also enhances security measures in line with DevSecOps principles. By integrating security into the categorization process, we can better manage risk and compliance across our application landscape.