After a completed installation (see Section 15.1, “Installation”) and global configuration (see Section 15.2, “Global Configuration”) of Sonatype CLM for CI, you are ready to configure an invocation as part of a specific job.
Depending on your job type, it will be available as a pre- and/or post-build step as well as an invocation as a main build step. A pre-build step, or a main build step executed before your main build invocation step, could be used to examine components that already exist in the workspace or that an earlier build step places into the workspace.
The typical invocation would be as a main build step, after the package that should be examined has been created. An example configuration from Jenkins is displayed in Figure 15.3, “Sonatype CLM Build Scan Configuration for a Build Step”.
The configuration options for Sonatype CLM for CI invocations mimic the parameters from the global configuration described in Section 15.2, “Global Configuration” and are appended to the global parameters. The configuration parameters are:
While username and password can be configured globally, in some cases you may want a certain job to be associated with a user who has permissions to specific Organizations and/or Applications. Job Specific Authentication allows you to configure a user for this job and use the associated permissions to select the Application for the evaluation.
The policies associated with the selected application are used for the analysis of this build job's output. There are two options for choosing what CLM application to associate with the build:
Check this option if you want to fail the build when a CLM evaluation can’t be performed. Once checked, if for any reason the evaluation is not generated, the build will be failed.
An example of this might be if the CLM server is inaccessible. In this scenario, the build would fail. In the same example, but where the Fail the build option is left unchecked, the build would be marked unstable.
This corresponds to the stage you wish the policy evaluation of the application/project to be run against. Additionally, this will correspond to the stage location when viewing report information via the CLM Server (e.g. if you chose the Build stage, summary and dashboard violation results will be displayed accordingly).
Depending on how your policies are configured, this may impact warning and fail actions.