Step 5 - Scan Applications
Up to this point, everything in the nine-step process has focused on preparing Sonatype CLM to assess risk associated with your applications. Now, we actually walk through one of the ways your application can be scanned, the process of looking at the components in your application and vetting them against your policies.
The goal of this guide is to take you through the simple steps of scanning an individual application. This can be done via the Sonatype CLM Server Application Evaluation, or by installing and setting up our stand-alone scanner. It is important to note that this is an ad hoc, or manual, approach; depending on your purchase, it’s likely you will use one, or a combination of several, enforcement points (e.g. CI, IDE, Nexus Pro). While there is no difference in the results produced using these manual methods, they are not necessarily scalable for large implementations, because each scan is a manual process.
This document was published on 2015-01-15.
Important
This guide assumes that you have a fully installed and running Sonatype CLM Server available. It also assumes you’ve completed the first four steps for Open Source Governance. Most notably, you will need to have created at least one organization and application and imported policies to your organization(s) and/or application(s).