I'm going to close this as there will be no action taken from the vendor on this.

RelEng created an LDAP group awhile ago to give developers access to the NexusIQ info.
Community members just open a helpdesk ticket asking to be added to the  "nexus-iq-onap-devs" group.

We can share the info with the other orgs as long as we are working directly with their security teams.

 -kenny

@Former user - in addition to @Amy Zwarico's request, I have deferred this ticket to El-Alto based on TSC Call (2/14/2019). Path to move forward: Creation of single group including committers. This request will be implemented at the same time than CLA Enforcement. For Dublin, we will proceed as we did for Casablanca.

Please ask Sonatype if we can share the NexusIQ scan results related to ODL with the ODL team.

Reviewed status with one of our internal application teams regarding an alternate solution proposed before the break. Met on this Tuesday.  Suggested solution only provides library traceability based upon know CVEs - No direct code analysis.  Dead-end.

Sent an email to Sonatype earlier to set up a meeting.

Currently rescheduled to the next TSC call - January 10th, 2019