Repository Management with Nexus

11.6. Policy Enforcement with Sonatype CLM

As discussed in Chapter 2, Component Lifecycle and Repository Management, Component Lifecycle Management (CLM) and Repository Management are closely related activities. The Sonatype CLM suite of tools provides a server application for administering your component usage policies, along with other features that integrate with the other tools of the suite. It has access to extensive security vulnerability and license data from the Sonatype CLM backend, which can be used as input for your policies. For example, you could establish a policy that is logged as violated if any component in your software has a known security vulnerability or uses a license that is incompatible with your business model.
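To make concrete what "a policy that is logged as violated" means, here is a small, added example of a component-usage policy evaluator. It is illustrative code written for this page, not Sonatype CLM's own policy format, API or data; the component coordinates, license names, severity scores and vulnerability ids are all constructed placeholders. The policy models the two conditions named above: a component carrying a known vulnerability at or above a severity threshold, and a component whose license is outside an approved set.

```python
"""Added example: minimal component-usage policy evaluation.

Illustrative only; not Sonatype CLM's policy format or API. All component
data, license names, severity scores and vulnerability ids are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    vuln_id: str      # constructed placeholder id, not a real advisory
    severity: float   # CVSS-style score on a 0.0-10.0 scale


@dataclass
class Component:
    coordinates: str  # group:artifact:version style identifier
    license: str      # SPDX-style license identifier
    vulnerabilities: list = field(default_factory=list)


@dataclass
class Policy:
    name: str
    max_severity: float            # a vulnerability at/above this violates
    approved_licenses: frozenset   # a license outside this set violates


def evaluate(policy, components):
    """Return a list of (coordinates, reason) pairs, one per violation.

    A component can produce several entries: one per qualifying
    vulnerability plus one if its license is not approved.
    """
    violations = []
    for component in components:
        for vuln in component.vulnerabilities:
            if vuln.severity >= policy.max_severity:
                violations.append((
                    component.coordinates,
                    f"vulnerability {vuln.vuln_id} has severity "
                    f"{vuln.severity} >= {policy.max_severity}",
                ))
        if component.license not in policy.approved_licenses:
            violations.append((
                component.coordinates,
                f"license {component.license} is not approved",
            ))
    return violations


def is_compliant(policy, components):
    """True when no component violates the policy (a staging-gate style check)."""
    return not evaluate(policy, components)


# Constructed sample data: three components, two of which violate the policy.
SAMPLE_COMPONENTS = [
    Component("org.example:lib-a:1.0", "Apache-2.0",
              [Vulnerability("VULN-0001", 9.8)]),      # severity violation
    Component("org.example:lib-b:2.3", "GPL-3.0"),      # license violation
    Component("org.example:lib-c:0.9", "MIT",
              [Vulnerability("VULN-0002", 4.3)]),      # below threshold, ok
]

RELEASE_POLICY = Policy(
    name="release-gate",
    max_severity=7.0,
    approved_licenses=frozenset({"Apache-2.0", "MIT"}),
)


def violations_for_sample():
    """Evaluate the constructed sample against the release policy."""
    return evaluate(RELEASE_POLICY, SAMPLE_COMPONENTS)


if __name__ == "__main__":
    for coordinates, reason in violations_for_sample():
        print(f"VIOLATION [{RELEASE_POLICY.name}] {coordinates}: {reason}")
    print("compliant:", is_compliant(RELEASE_POLICY, SAMPLE_COMPONENTS))
```

Running the block logs one violation for the high-severity vulnerability and one for the unapproved license; the component with a low-severity finding and an approved license passes. The `is_compliant` helper shows the shape of a gate that a staging workflow could consult before promoting a build.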

Nexus Professional - CLM Edition is an important component that can take advantage of the CLM server. The Sonatype CLM server can be integrated with Nexus so that your policies are validated as part of your use of the Nexus staging suite.

Detailed instructions on how to install and configure the Sonatype CLM server, as well as how to integrate it with Nexus, can be found in the Sonatype CLM documentation.