Sonatype CLM - CI User Guide

2.4. Job Configuration

After a completed installation (see Section 2.2, “Installation”) and global configuration (see Section 2.3, “Global Configuration”) of Sonatype CLM for CI, you are ready to configure an invocation as part of a specific job.

Depending on your job type, it is available as a pre-build and/or post-build step as well as an invocation as a main build step. The typical invocation is as a main build step, after the package that should be examined has been created. An example configuration from Jenkins is displayed in Figure 2.3, “Sonatype CLM Build Scan Configuration for a Build Step”. Alternatively, a post-build step, for example as displayed in Figure 2.4, “Post-build Action Configuration as Example for a Sonatype CLM for CI Configuration”, can be used as well. A pre-build step or a main build step executed before your main build invocation step can be used to examine components existing in the workspace or placed into the workspace by an earlier build step.


Figure 2.3. Sonatype CLM Build Scan Configuration for a Build Step


The configuration options for Sonatype CLM for CI invocations mimic the parameters from the global configuration described in Section 2.3, “Global Configuration” and are appended to the global parameters. The configuration parameters are:

Application name
The drop-down for application name should be populated with the names of all applications configured in your Sonatype CLM server and allows you to select the desired application scanning configuration. The policies associated with the application will be used for the analysis of this build job output.
Scan targets
The scan targets setting lets you control which files are examined, using an Apache Ant-style pattern. The pattern is relative to the project workspace root directory and inherits the global configuration.
Module excludes
You can exclude modules from being scanned with module information files configured in this setting. The default value is inherited from the global configuration.
Advanced options
A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters will be recommended to you by the Sonatype support team.
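
A scan target pattern that is too narrow silently leaves build output out of the policy analysis. The following added example (not part of the Sonatype guide or plugin code) applies standard Apache Ant pattern semantics to a constructed workspace listing and reports archives that no pattern selects; the file names, the patterns, the archive suffix list and passing the patterns as a list are assumptions of the example.

```python
import re

# Constructed workspace listing (paths relative to the workspace root).
WORKSPACE = [
    "target/shop-1.0.war",
    "target/classes/com/example/Shop.class",
    "modules/api/target/api-1.0.jar",
    "modules/web/build/libs/web-1.0.jar",
    "lib/legacy-util.jar",
    "README.txt",
]

# Assumption for this example: file types we expect a scan to cover.
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def ant_to_regex(pattern):
    """Translate an Ant-style pattern to a regex over '/'-separated paths."""
    pattern = pattern.replace("\\", "/")
    if pattern.endswith("/"):          # Ant shorthand: "dir/" means "dir/**"
        pattern += "**"
    segments = pattern.split("/")
    regex = ""
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == "**":                # zero or more whole directories
            regex += ".*" if last else "(?:[^/]+/)*"
            continue
        for ch in seg:                 # '*' and '?' never cross a '/'
            regex += "[^/]*" if ch == "*" else "[^/]" if ch == "?" else re.escape(ch)
        if not last:
            regex += "/"
    return re.compile(regex + r"\Z")


def scan_coverage(patterns, files):
    """Return (selected files, archives that no pattern selects)."""
    compiled = [ant_to_regex(p) for p in patterns]
    selected = [f for f in files if any(rx.match(f) for rx in compiled)]
    missed = [f for f in files
              if f.endswith(ARCHIVE_SUFFIXES) and f not in selected]
    return selected, missed


if __name__ == "__main__":
    for patterns in (["target/*.war", "**/target/*.jar"], ["**/*.jar", "**/*.war"]):
        selected, missed = scan_coverage(patterns, WORKSPACE)
        print(patterns, "\n  selected:", selected, "\n  not scanned:", missed)
```

With the first pattern set, the two archives outside a `target` directory are reported as not scanned; the second set selects every archive in the listing.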

Figure 2.4. Post-build Action Configuration as Example for a Sonatype CLM for CI Configuration