The easiest way to establish policies for your applications is to use one of the policy packages provided by Sonatype. While these are not meant to be a perfect match for every business, they have been created with our extensive experience working with customers and developing policy for our own internal practices.
The policy packages can be downloaded here:
The import files are simple JSON files and are only compatible with the latest version of the Sonatype CLM Server. Please review the Archives to access Downloads for your version of Sonatype CLM.
Alternatively, you can find them in the documentation archive in the resources folder.
Let’s take a look at the various policies available.
This policy package includes several preset tags. The tags have been used in the Application Matching area for several of the included policies. Policies using the tags will be indicated by a special tag icon. In order to utilize the policies, you must have applied the corresponding tag to your application(s). For more information on tags, please see the Policy Elements section of our Policy Management Guide.
This policy package includes three preset email addresses for notifications. Before importing, open the JSON file and find and replace the following addresses: ProjectLead@changeme.sonatype.com, LicenseTeam@changeme.sonatype.com, SecurityTeam@changeme.sonatype.com. The addresses can also be edited within Sonatype CLM, but that is a more manual process.
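
One way to script the find-and-replace described above and confirm that no placeholder address survives it. This is an added example, not part of Sonatype's documentation or tooling. It assumes nothing about the policy file's schema (it walks every JSON string value); the replacement addresses and the sample document are constructed for illustration.

```python
import json
import re

PLACEHOLDER_DOMAIN = "@changeme.sonatype.com"

# Replacement addresses are assumptions; substitute your organisation's own.
REPLACEMENTS = {
    "ProjectLead@changeme.sonatype.com": "project-lead@example.org",
    "LicenseTeam@changeme.sonatype.com": "license-team@example.org",
    "SecurityTeam@changeme.sonatype.com": "security-team@example.org",
}

# Constructed sample: the field names are invented, not Sonatype's real schema.
SAMPLE = json.dumps({"policies": [
    {"name": "Example-Security", "notify": ["SecurityTeam@changeme.sonatype.com"]},
    {"name": "Example-License", "notify": ["licenseteam@changeme.sonatype.com",
                                           "Auditor@changeme.sonatype.com"]},
]})


def replace_addresses(text, mapping):
    """Swap placeholder addresses in every JSON string value.

    Returns (new_json_text, per-address replacement counts, leftover strings
    that still contain the placeholder domain).
    """
    counts = {old: 0 for old in mapping}
    leftovers = []

    def walk(node):
        if isinstance(node, dict):
            return {key: walk(value) for key, value in node.items()}
        if isinstance(node, list):
            return [walk(value) for value in node]
        if isinstance(node, str):
            for old, new in mapping.items():
                # Case-insensitive match; the lambda keeps `new` literal.
                node, hits = re.subn(re.escape(old), lambda _m, n=new: n,
                                     node, flags=re.IGNORECASE)
                counts[old] += hits
            if PLACEHOLDER_DOMAIN in node.lower():
                leftovers.append(node)
        return node

    policy = walk(json.loads(text))  # raises ValueError on malformed JSON
    return json.dumps(policy, indent=2, ensure_ascii=False), counts, leftovers


if __name__ == "__main__":
    new_text, counts, leftovers = replace_addresses(SAMPLE, REPLACEMENTS)
    print(counts)      # a count of 0 means that address was not in the file
    print(leftovers)   # anything here would still notify a placeholder mailbox
```

A non-empty leftover list means a policy would still send its notifications to a placeholder mailbox, so resolve it before importing.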