Sonatype CLM - CI User Guide

2.3. Global Configuration

After a successful installation of the Sonatype CLM for CI plugin, the global Jenkins/Hudson configuration menu, displayed in Figure 2.1, “Jenkins Global Configuration Menu”, includes a separate item for Sonatype CLM with the title Configure Sonatype CLM for CI. Click the link to get to the global configuration displayed in Figure 2.2, “Global Configuration of Sonatype CLM for CI in Jenkins”.

Figure 2.2. Global Configuration of Sonatype CLM for CI in Jenkins


The global configuration for Sonatype CLM for CI is used as the default configuration for all invocations of the plugin. Specific parameters supplied for individual jobs are appended to the global configuration. You can configure the following settings:

Sonatype CLM server settings
Server address
The address of the Sonatype CLM server as it can be reached from the Jenkins/Hudson server. The address should be the same one users use to access the Sonatype CLM server interface. A suitable URL for a default install on your local computer would be http://localhost:8070. If your Sonatype CLM server is behind a proxy server for serving HTTPS or for other reasons, you have to use the public URL as it is reachable from the continuous integration server. Only the master Jenkins/Hudson server connects to the CLM server, so you only need to ensure connectivity, in terms of open firewall ports and proxy server settings, between the master CI server and the CLM server. This configuration parameter is the only required setting.
Global mask options
Anonymize paths
Enabling this feature anonymizes all paths before data is sent to the Sonatype CLM server. As a result, the CLM report cannot show the locations or occurrences of components. We recommend leaving this disabled unless you are worried about Sonatype knowing the file names of your components.
Global path options
Scan targets

The scan targets setting allows you to control which files are examined. The configuration uses Apache Ant-style patterns, is relative to each project’s workspace root directory, and has a useful default setting that includes all jar, war, ear, zip and tar.gz files. The default value is therefore:

**/*.jar, **/*.war, **/*.ear, **/*.zip, **/*.tar.gz

Note

This default applies if and only if neither the global nor the job configuration specifies scan targets.

Module excludes

As part of CLM, Sonatype has included a CLM Maven Plugin. Use of the CLM Maven plugin in the build process will result in the creation of module information files. If desired, you can exclude some of the modules from being scanned. The default location where the modules are stored is ${project.build.directory}/sonatype-clm/module.xml.

To exclude a module, use a comma-separated list of Apache Ant-style patterns, relative to the workspace root, that denote the module information files (**/sonatype-clm/module.xml) to be ignored, e.g.

**/my-module/target/**, **/another-module/target/**

If unspecified, all modules will contribute dependency information (if any) to the scan.

Tip

While the CLM Maven Plugin produces these files for all modules in a Maven build, the excludes can be used to ignore certain modules from analysis. For more on the CLM Maven Plugin, see Section 4.1, “CLM Maven Plugin Introduction”.

Advanced options
A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters will be determined by Sonatype support.
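
To see which files actually fall inside the scan scope for a given combination of scan targets and module excludes, the following added example (not part of the original guide and not the plugin's own code) models the matching in Python. The Ant pattern translation is simplified, the workspace listing is constructed, and treating job-level scan targets as appended to the global ones follows the description above but is an assumption about the plugin's behavior.

```python
import re

DEFAULT_TARGETS = "**/*.jar, **/*.war, **/*.ear, **/*.zip, **/*.tar.gz"
MODULE_INFO = "**/sonatype-clm/module.xml"

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans directories, '*' and '?' stay in one segment."""
    segs = pattern.strip().split("/")
    out = []
    for i, seg in enumerate(segs):
        last = i == len(segs) - 1
        if seg == "**":
            out.append(".*" if last else "(?:[^/]+/)*")
        else:
            body = re.escape(seg).replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
            out.append(body + ("" if last else "/"))
    return re.compile("".join(out) + r"\Z")

def split_patterns(value):
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def effective_targets(global_targets, job_targets):
    # Assumption: job patterns are appended to the global ones. The default
    # is used only when neither level specifies scan targets.
    combined = split_patterns(global_targets) + split_patterns(job_targets)
    return combined or split_patterns(DEFAULT_TARGETS)

def select(paths, patterns):
    regexes = [ant_to_regex(p) for p in patterns]
    return [p for p in paths if any(r.match(p) for r in regexes)]

def plan_scan(paths, global_targets="", job_targets="", module_excludes=""):
    """Return (files matched as scan targets, module.xml files still contributing)."""
    targets = select(paths, effective_targets(global_targets, job_targets))
    module_files = select(paths, [MODULE_INFO])
    excluded = set(select(module_files, split_patterns(module_excludes)))
    return targets, [m for m in module_files if m not in excluded]

# Constructed workspace listing, relative to the workspace root.
WORKSPACE = [
    "app/target/app.war",
    "app/target/sonatype-clm/module.xml",
    "my-module/target/my-module.jar",
    "my-module/target/sonatype-clm/module.xml",
    "dist/bundle.tar.gz",
    "dist/bundle.tgz",  # not covered by the default patterns
]

if __name__ == "__main__":
    print(plan_scan(WORKSPACE, module_excludes="**/my-module/target/**"))
```

Running the same listing with a narrow job-level target such as **/*.war shows that the default patterns no longer apply, which is worth checking before assuming every archive in a workspace is being evaluated.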