Logo Sonatype CLM Optimized Component Lifecycle Management with Sonatype CLM
Documentation Index
Sonatype CLM Downloads
Document Descriptions
Release Notes

Sonatype CLM Server
Installation and Deployment Guide
Security Administration Guide
Policy Management Guide
Report User Guide

CI User Guide

IDE User Guide

Repository Manager User Guide

Nine Steps For Open Source Governance
Optimized Component Lifecycle Management with Sonatype CLM

Optimized Component Lifecycle Management with Sonatype CLM

Chapter 3. Sonatype CLM Policy Management

3.1. Introduction
3.2. What is a Policy?
3.2.1. Basic Policy Anatomy
3.2.2. Organizations, Applications and Inheritance
3.2.3. Summary
3.3. Organization and Application Management
3.3.1. Organizational Structure
3.3.2. Creating an Organization
3.3.3. The Application to Application Link
3.3.4. Creating an Application
3.3.5. Organization, Application, and Inheritance
3.3.6. The Power of Inheritance
3.3.7. Avoiding Policy Micromanagement
3.3.8. Permissions and Roles
3.3.9. Summary
3.4. Policy Development
3.4.1. Advanced Anatomy of a Policy
3.4.2. Risk and Organizational Intent
3.4.3. Summary
3.5. Policy Management
3.5.1. Step 1: Understand the Policy Intent
3.5.2. Step 2: Decide on a Descriptive Policy Name
3.5.3. Step 3: Choose an Appropriate Threat Level
3.5.4. Step 4: Choose the Application Matching Parameters
3.5.5. Step 5: Create Constraints with Conditions
3.5.6. Step 6: Set Policy Actions
3.5.7. Summary
3.6. Policy Elements
3.6.1. What is a Label?
3.6.2. Creating a Label
3.6.3. Creating a Condition Based on a Label
3.6.4. What is a License Threat Group?
3.6.5. Creating a License Threat Group
3.6.6. Creating a Condition Based on a License Threat Group
3.6.7. What is a Tag?
3.6.8. Creating, Editing, and Deleting Tags
3.6.9. Applying a Tag
3.6.10. Matching Policies to Specific Applications
3.6.11. Viewing Tag-based Policies
3.6.12. Summary
3.7. Manual Application Evaluation
3.7.1. Evaluating via the CLM Server
3.7.2. Evaluating via the Stand-alone Scanner
Finding the Application ID
Using the Stand-alone Scanner
Additional Options
Stand-alone Scanner Example
3.7.3. Report Generation
3.7.4. Summary
3.8. Reviewing Evaluation Results
3.8.1. Accessing the Application Composition Report
3.8.2. Reviewing the Report
3.8.3. Summary
3.9. Importing Policies
3.9.1. Sonatype Example Policies
3.9.2. Importing a Policy to an Organization
3.9.3. Importing a Policy to an Application
3.9.4. Summary
3.10. Policy Monitoring
3.10.1. Setup Policy Monitoring for an Application
3.10.2. Configuring Notification Times
3.10.3. Summary
3.11. Conclusion