Is this plugin applicable when Nexus IQ scan is run using Jenkins - Nexus Platform plugin?

[vinishakurapati]

• **What are you trying to do?

• I would like to scan my node-modules folder packages(which is created after running npm install) before scanning my War file( which is generated after using "npm run build" command**

• What feature or behavior is this required for?

• I added the copy-modules- webpack plugin code in "webpack-config-dev" file and have also set includepackage.json to true. So now How should I perform the scan? (PS: My company uses Jenkins-Nexus platform plugin which will perform scan of "war" file and give a link of Nexus results report)

• How could we solve this issue? (Not knowing is okay!)

• How do we run the scan after including this plugin in " webpack config -dev file"

PS: I am pulling the packages using remote Jfrog artifactory which is directed to Open-source npmjs.org so scanning these packages is important for security compliance. Seeking some suggestions to scan it using Nexus IQ scanner
@rpokorny @304NotModified @elijahe @seminolas @mpiggott @scherzhaft

[304NotModified]

Why am I tagged?

[rpokorny]

Yes, this can be used along with the Nexus Platform Plugin for Jenkins. What the copy-modules-webpack-plugin does is simply copy the relevant files (the files that are actually contributing to your webpack output bundle) from your node_modules and any other source directories to another directory of your choosing. Then you can just configure the Nexus Jenkins plugin to scan that directory rather than your actual node_modules directory. For instance, if you set up the copy-modules-webpack-plugin to copy to a directory called webpack-modules, your Jenkinsfile would contain a Nexus plugin configuration along these lines:

nexusPolicyEvaluation(
  // ... other configurations here
  iqScanPatterns: [[scanPattern: 'webpack-modules']],
)