[AI-4784] DDSaaS: Sonatype Nexus: Integration v1.0.0 (#19365)

* Initial Commit

* Added changes in changelog.d folder

* Added changes to resolve check failure

* Removing images with invalid resolution

* Adding images

* updated images

* Added relevant changes to the test files and agent code

* Resolved linting error and modified minor integration info

* Added changes to fix the pipeline

* Added changes to resolve pipeline check

* Added changes due to check failure

* Added changes to fix pipeline failure

* Added changes in instance.py file

* Added changes as per few refactoring changes

* Added formatting changes to fix checks

* Added changes as per review comments

* Added changes as per review comments

* Changed http to https

* Added changes in spec file to resolve pipeline stage failure

* Added changes as per linting

* Added linting changes

* Added linting changes

* Added changes in conf.yaml.example

* Added changes to sorting the imports

* Added changes as per pipeline failure

* Added refactoring changes

* Added vertical spaces

* Added space

* Added vertical space

* Modified test cases

* Resolved check failure error

* Added a vertical space

* Added changes as per e2e tests

* Added changes as per review comments

* Resolved linting error

* added linting changes

* linting changes

* linting changes

* Replaced saas-integrations with agent-integrations

---------

Co-authored-by: DhruvaPatel-crest <dhruva.patel@crestdata.ai>

Author: avaid-crest

.codecov.yml

@@ -582,6 +582,10 @@ coverage:
         target: 75
         flags:
         - sonarqube
+      sonatype_nexus:
+        target: 75
+        flags:
+        - sonatype_nexus
       Spark:
         target: 75
         flags:
@@ -1492,6 +1496,11 @@ flags:
     paths:
     - sonarqube/datadog_checks/sonarqube
     - sonarqube/tests
+  sonatype_nexus:
+    carryforward: true
+    paths:
+    - sonatype_nexus/datadog_checks/sonatype_nexus
+    - sonatype_nexus/tests
   spark:
     carryforward: true
     paths:

.github/CODEOWNERS

@@ -348,6 +348,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/              @DataDog/wi
 /snowflake/pyproject.toml                                            @DataDog/saas-integrations @DataDog/documentation @DataDog/agent-integrations
 /snowflake/manifest.json                                             @DataDog/saas-integrations @DataDog/documentation
 
+/sonatype_nexus/                                                     @DataDog/agent-integrations
+/sonatype_nexus/*.md                                                 @DataDog/agent-integrations @DataDog/documentation
+/sonatype_nexus/manifest.json                                        @DataDog/agent-integrations @DataDog/documentation
+/sonatype_nexus/metadata.csv                                         @DataDog/agent-integrations @DataDog/documentation 
+
 /sonicwall_firewall/                                                  @DataDog/saas-integrations
 /sonicwall_firewall/*.md                                              @DataDog/saas-integrations @DataDog/documentation
 /sonicwall_firewall/manifest.json                                     @DataDog/saas-integrations @DataDog/documentation

.github/workflows/config/labeler.yml

@@ -553,6 +553,8 @@ integration/solr:
 - solr/**/*
 integration/sonarqube:
 - sonarqube/**/*
+integration/sonatype_nexus:
+- sonatype_nexus/**/*
 integration/sonicwall_firewall:
 - sonicwall_firewall/**/*
 integration/sophos_central_cloud:

.github/workflows/test-all.yml

@@ -3394,6 +3394,26 @@ jobs:
       minimum-base-package: ${{ inputs.minimum-base-package }}
       pytest-args: ${{ inputs.pytest-args }}
     secrets: inherit
+  j3835902:
+    uses: ./.github/workflows/test-target.yml
+    with:
+      job-name: sonatype_nexus
+      target: sonatype_nexus
+      platform: linux
+      runner: '["ubuntu-22.04"]'
+      repo: "${{ inputs.repo }}"
+      python-version: "${{ inputs.python-version }}"
+      standard: ${{ inputs.standard }}
+      latest: ${{ inputs.latest }}
+      agent-image: "${{ inputs.agent-image }}"
+      agent-image-py2: "${{ inputs.agent-image-py2 }}"
+      agent-image-windows: "${{ inputs.agent-image-windows }}"
+      agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}"
+      test-py2: ${{ inputs.test-py2 }}
+      test-py3: ${{ inputs.test-py3 }}
+      minimum-base-package: ${{ inputs.minimum-base-package }}
+      pytest-args: ${{ inputs.pytest-args }}
+    secrets: inherit
   j529bc3b:
     uses: ./.github/workflows/test-target.yml
     with:

sonatype_nexus/CHANGELOG.md

@@ -0,0 +1,3 @@
+# CHANGELOG - sonatype_nexus
+
+<!-- towncrier release notes start -->

sonatype_nexus/README.md

@@ -0,0 +1,101 @@
+## Overview
+
+Sonatype Nexus is a popular repository management solution designed for managing software components and dependencies across the entire software development lifecycle. It supports a wide range of development languages and formats, making it a central hub for DevOps and continuous integration/continuous delivery (CI/CD) pipelines.
+
+The Sonatype Nexus integration collects analytics and instance health status metrics from Sonatype Nexus and sends them to Datadog for comprehensive analysis.
+
+## Setup
+
+### Installation
+
+The Sonatype Nexus check is included in the [Datadog Agent package][1]. No additional installation is necessary.
+
+### Get API credentials from Sonatype Nexus
+
+1. The `Username` and `Password` of either the **Administrator** account or a user with the **nx-metrics-all** privilege
+
+2. The `Server URL` of the Repository instance (for example, https://123.123.123.123:8081)
+
+### Connect your Sonatype Nexus account to the agent
+
+1. Copy the `conf.yaml.example` file.
+
+   ```sh
+   cp /etc/datadog-agent/conf.d/sonatype_nexus.d/conf.yaml.example /etc/datadog-agent/conf.d/sonatype_nexus.d/conf.yaml
+   ```
+
+2. Edit the `/etc/datadog-agent/conf.d/sonatype_nexus.d/conf.yaml` file. Add the following configurations.
+
+    ```yaml
+    instances:
+
+        ## @param username - string - required
+        ## Username of Sonatype Nexus instance
+        #
+      - username: <SONATYPE_NEXUS_USERNAME>
+
+        ## @param password - string - required
+        ## Password of Sonatype Nexus instance
+        #
+        password: <SONATYPE_NEXUS_PASSWORD>
+
+        ## @param server_url - string - required
+        ## Sonatype Nexus server url
+        #
+        server_url: <SONATYPE_NEXUS_SERVER_URL>
+
+        ## @param min_collection_interval - number - required
+        ## This changes the collection interval of the check. For more information, see:
+        ## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval
+        #
+        min_collection_interval: 600
+    ```
+* Example for the `conf.yaml` when multiple instances of Sonatype Nexus are configured:
+
+    ```yaml
+    instances:
+      - min_collection_interval: 1800
+        username: <SONATYPE_NEXUS_USERNAME>
+        password: <SONATYPE_NEXUS_PASSWORD>
+        server_url: <SONATYPE_NEXUS_SERVER_URL>
+      - min_collection_interval: 1800
+        username: <SONATYPE_NEXUS_USERNAME>
+        password: <SONATYPE_NEXUS_PASSWORD>
+        server_url: <SONATYPE_NEXUS_SERVER_URL>
+    ```
+
+3. [Restart the Agent][2].
+
+### Validation
+
+- [Run the Agent's status subcommand][3] and look for `sonatype_nexus` under the Checks section.
+
+## Data Collected
+
+### Logs
+The Sonatype Nexus integration does not include any logs.
+
+### Metrics
+
+The Sonatype Nexus integration collects and forwards analytics, and instance health status metrics to Datadog.
+
+{{< get-metrics-from-git "sonatype_nexus" >}}
+
+### Events
+
+The Sonatype Nexus integration forwards the `sonatype_nexus.authentication_validation` event to Datadog.
+
+### Service Checks
+
+See [service_checks.json][6] for a list of service checks provided by this integration.
+
+## Support
+
+For further assistance, contact [Datadog support][4].
+
+
+[1]: https://app.datadoghq.com/account/settings/agent/latest
+[2]: https://docs.datadoghq.com/agent/guide/agent-commands/?tab=agentv6v7#start-stop-and-restart-the-agent
+[3]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information
+[4]: https://docs.datadoghq.com/help/
+[6]: https://github.com/DataDog/integrations-core/blob/master/sonatype_nexus/assets/service_checks.json

sonatype_nexus/assets/configuration/spec.yaml

@@ -0,0 +1,37 @@
+name: sonatype_nexus
+files:
+  - name: sonatype_nexus.yaml
+    options:
+      - template: init_config
+        options:
+          - template: init_config/http
+          - template: init_config/default
+      - template: instances
+        options:
+          - name: username
+            required: true
+            description: "The username of your Sonatype Nexus account."
+            value:
+              type: string
+              example: test_username
+          - name: password
+            required: true
+            description: "The password of your Sonatype Nexus account."
+            value:
+              type: string
+              example: test_password
+          - name: server_url
+            required: true
+            description: "The Server URL of your Sonatype Nexus account."
+            value:
+              type: string
+              example: https://0.0.0.0:8081
+          - template: instances/default
+            overrides:
+              min_collection_interval.required: true
+              min_collection_interval.value.example: 600
+              min_collection_interval.value.minimum: 300
+              min_collection_interval.value.maximum: 64800
+              service.hidden: true
+              empty_default_hostname.hidden: true
+              metric_patterns.hidden: true

sonatype_nexus/assets/dashboards/sonatype_nexus_instance_health.json

@@ -0,0 +1,34 @@
+{
+	"version": 2,
+	"created_at": "2025-01-08",
+	"last_updated_at": "2025-01-08",
+	"title": "High number of failed unique user authentications detected",
+	"description": "Failed authentication attempts may indicate security risks, including unauthorized access or misconfigured credentials. This monitor tracks failed unique user authentications to identify issues and mitigate risks, ensuring secure access and system reliability.",
+	"definition": {
+		"id": 161336669,
+		"name": "High number of failed unique user authentications detected",
+		"type": "query alert",
+		"query": "max(last_1d):avg:sonatype_nexus.analytics.failed_unique_user_authentication_count{*} by {sonatype_host} > 10",
+		"message": "{{#is_alert}}\nRepeated failed authentication attempts can indicate potential security issues, such as unauthorized access attempts or misconfigured user credentials.\n\nA high number of failed unique user authentications have been detected. Take necessary action to mitigate potential risks.\n{{/is_alert}}",
+		"tags": [
+			"integration:sonatype_nexus",
+			"type:metrics"
+		],
+		"options": {
+			"thresholds": {
+				"critical": 10
+			},
+			"notify_audit": false,
+			"on_missing_data": "default",
+			"include_tags": true,
+			"silenced": {}
+		},
+		"priority": null,
+		"restriction_policy": {
+			"bindings": []
+		}
+	},
+	"tags": [
+		"integration:sonatype-nexus"
+	]
+}

sonatype_nexus/assets/dashboards/sonatype_nexus_metrics.json

@@ -0,0 +1,35 @@
+{
+	"version": 2,
+	"created_at": "2025-01-08",
+	"last_updated_at": "2025-01-08",
+	"title": "High percentage of JVM heap memory usage detected",
+	"description": "JVM heap memory stores objects created by Java applications, managed by the JVM, with garbage collection cleaning unused objects. This monitor tracks high JVM heap usage to identify and address issues, ensuring optimal memory management and application performance.",
+	"definition": {
+		"id": 161337519,
+		"name": "High percentage of JVM heap memory usage detected",
+		"type": "query alert",
+		"query": "avg(last_1h):(avg:sonatype_nexus.analytics.jvm.heap_memory_used{*} by {sonatype_host} / avg:sonatype_nexus.analytics.jvm.heap_memory_max{*} by {sonatype_host}) * 100 > 80",
+		"message": "{{#is_alert}}\nJMV heap memory stores all the objects created by the Java application. The JVM manages this space, and a special process called garbage collection automatically cleans up unused objects to free up memory.\n\nHigh percentage of JVM heap memory usage detected. Take necessary action to mitigate the issue.\n{{/is_alert}}",
+		"tags": [
+			"integration:sonatype_nexus",
+			"type:metrics"
+		],
+		"options": {
+			"thresholds": {
+				"critical": 80
+			},
+			"notify_audit": false,
+			"on_missing_data": "default",
+			"include_tags": true,
+			"new_group_delay": 0,
+			"silenced": {}
+		},
+		"priority": null,
+		"restriction_policy": {
+			"bindings": []
+		}
+	},
+	"tags": [
+		"integration:sonatype-nexus"
+	]
+}

sonatype_nexus/assets/monitors/high_number_of_failed_unique_user_authentication_detected.json

@@ -0,0 +1,34 @@
+{
+	"version": 2,
+	"created_at": "2025-01-08",
+	"last_updated_at": "2025-01-08",
+	"title": "Unhealthy available CPUs detected",
+	"description": "Available CPUs influence long-running operations and thread allocation in the web container. This monitor tracks CPU availability to identify issues and ensure optimal performance, preventing delays and maintaining system efficiency.",
+	"definition": {
+		"id": 161340184,
+		"name": "Unhealthy available CPUs detected",
+		"type": "query alert",
+		"query": "min(last_30m):avg:sonatype_nexus.status.available_cpus_health{*} by {sonatype_host} == 0",
+		"message": "{{#is_alert}}\nAvailable CPUs impacts longer running operations and also the thread allocation algorithms of the web container.\n\nAn unhealthy status for available CPUs has been detected. Take necessary action to mitigate potential risks.\n{{/is_alert}}",
+		"tags": [
+			"integration:sonatype_nexus",
+			"type:health_status"
+		],
+		"options": {
+			"thresholds": {
+				"critical": 0
+			},
+			"notify_audit": false,
+			"on_missing_data": "default",
+			"include_tags": true,
+			"silenced": {}
+		},
+		"priority": null,
+		"restriction_policy": {
+			"bindings": []
+		}
+	},
+	"tags": [
+		"integration:sonatype-nexus"
+	]
+}

sonatype_nexus/assets/monitors/high_percentage_of_jvm_heap_memory_usage_detected.json

@@ -0,0 +1,34 @@
+{
+	"version": 2,
+	"created_at": "2025-01-08",
+	"last_updated_at": "2025-01-08",
+	"title": "Unhealthy blob stores detected",
+	"description": "Nexus Repository uses blob storage to store repository files, including metadata, hashes, and indexes. This monitor tracks blob store health to prevent issues, ensuring efficient storage and system reliability. Immediate action is needed to address detected problems.",
+	"definition": {
+		"id": 161340768,
+		"name": "Unhealthy blob stores detected",
+		"type": "query alert",
+		"query": "min(last_30m):avg:sonatype_nexus.status.blob_store.ready_health{*} by {sonatype_host} == 0",
+		"message": "{{#is_alert}}\nNexus Repository uses a binary large object (blob) storage, or blob store, to store files found in a repository. This includes metadata, hashes, and repository-generated indexes.\n\nAn unhealthy status for blob stores has been detected. Take necessary action to mitigate the issue.\n{{/is_alert}}",
+		"tags": [
+			"integration:sonatype_nexus",
+			"type:health_status"
+		],
+		"options": {
+			"thresholds": {
+				"critical": 0
+			},
+			"notify_audit": false,
+			"on_missing_data": "default",
+			"include_tags": true,
+			"silenced": {}
+		},
+		"priority": null,
+		"restriction_policy": {
+			"bindings": []
+		}
+	},
+	"tags": [
+		"integration:sonatype-nexus"
+	]
+}

sonatype_nexus/assets/monitors/unhealthy_available_cpus_detected.json

@@ -0,0 +1,34 @@
+{
+	"version": 2,
+	"created_at": "2025-01-08",
+	"last_updated_at": "2025-01-08",
+	"title": "Unhealthy thread deadlock detected",
+	"description": "Thread deadlock occurs when threads are blocked, waiting on each other, preventing progress. This monitor tracks thread deadlocks to identify and address issues, ensuring system stability and preventing operational bottlenecks.",
+	"definition": {
+		"id": 161340392,
+		"name": "Unhealthy thread deadlock detected",
+		"type": "query alert",
+		"query": "min(last_30m):avg:sonatype_nexus.status.thread_deadlock_detector{*} by {sonatype_host} == 0",
+		"message": "{{#is_alert}}\nThread deadlock is a condition where two or more threads are blocked and unable to progress because they are waiting for each other.\n\nAn unhealthy status for thread deadlock has been detected. Take necessary action to mitigate the issue.\n{{/is_alert}}",
+		"tags": [
+			"integration:sonatype_nexus",
+			"type:health_status"
+		],
+		"options": {
+			"thresholds": {
+				"critical": 0
+			},
+			"notify_audit": false,
+			"on_missing_data": "default",
+			"include_tags": true,
+			"silenced": {}
+		},
+		"priority": null,
+		"restriction_policy": {
+			"bindings": []
+		}
+	},
+	"tags": [
+		"integration:sonatype-nexus"
+	]
+}

sonatype_nexus/assets/monitors/unhealthy_blob_stores_detected.json

@@ -0,0 +1 @@
+[]