Sonatype CLM Server - Policy Management Guide
Once you have acquired a policy file to import, you can follow these steps:
- Log in to your Sonatype CLM server with a user account that has permission to import policy for the specific organization (at minimum, membership in the owner group for the organization is required).
- Next, click the Organizational Design icon to access the Organizational Design area.
- Click on Organizations in the left menu, and then click the organization you wish to import the policy to.
- Click the Import button in the top right corner of the organization view displayed in Figure 10.1, “Organization View with Import Button”.
- Click the Choose File button in the Import Policy dialog displayed in Figure 10.2, “Import Policy Dialog” and select the policy JSON file in the file browser.
- Click the Import button in the Import Policy dialog.
- Confirm that the list of policies contains the imported policies.
If you are importing to an organization that already has some policies, labels, license threat groups, and/or tags set up, consider the following rules:
- Existing policies will be deleted during the import procedure.
- Importing policies also includes an import of associated policy elements (labels, license threat groups, and tags). The following logic will be used for Policy Elements:
  - Labels - the CLM server attempts to match labels against existing ones in a case-insensitive manner. This allows for updating the description or color of existing labels, while preserving any triage effort already done to apply these labels to components. If your import contains labels that aren’t already present in the system, they will be created.
  - License Threat Groups - the CLM server will delete all existing license threat groups, and then import the new ones.
  - Tags - the CLM Server attempts to match tags against existing ones in a case-insensitive manner. This allows for updating the description or color of existing tags, while preserving any current matching of tags between policies and applications.
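Because existing policies and license threat groups are deleted on import, it helps to work out the effect before clicking Import. The following is an added example, not part of the Sonatype guide or product: it applies the rules above to plain lists of names. The function names and all sample names are hypothetical, and the policy JSON file is not parsed because its schema is not shown here.

```python
# Added example: previews the import rules described above.
# All names below are constructed sample data, not real CLM content.

def match_names(existing, incoming):
    """Match incoming names against existing ones, ignoring case."""
    by_key = {name.casefold(): name for name in existing}
    matched, unmatched = [], []
    for name in incoming:
        key = name.casefold()
        if key in by_key:
            matched.append((by_key[key], name))  # (existing, incoming)
        else:
            unmatched.append(name)
    return matched, unmatched

def plan_import(existing, incoming):
    """Return what an import would delete, update, and create."""
    label_hits, label_new = match_names(existing["labels"], incoming["labels"])
    tag_hits, tag_rest = match_names(existing["tags"], incoming["tags"])
    return {
        # Existing policies are deleted, then the imported ones appear.
        "policies_deleted": sorted(existing["policies"]),
        "policies_imported": sorted(incoming["policies"]),
        # Matched labels are updated in place (triage preserved); others created.
        "labels_updated": label_hits,
        "labels_created": label_new,
        # License threat groups are replaced wholesale.
        "ltg_deleted": sorted(existing["license_threat_groups"]),
        "ltg_imported": sorted(incoming["license_threat_groups"]),
        # Matched tags are updated; the guide does not state what happens
        # to unmatched tags, so they are only reported here.
        "tags_updated": tag_hits,
        "tags_unmatched": tag_rest,
    }

EXISTING = {  # constructed: current state of the target organization
    "policies": ["Security-High", "License-Banned"],
    "labels": ["Architecture-Blacklisted", "Needs-Review"],
    "license_threat_groups": ["Copyleft", "Liberal"],
    "tags": ["External", "Internal"],
}
INCOMING = {  # constructed: names contained in the file to import
    "policies": ["Security-Critical", "License-Banned"],
    "labels": ["architecture-blacklisted", "Performance-Slow"],
    "license_threat_groups": ["Copyleft", "Banned"],
    "tags": ["external", "Sensitive"],
}

if __name__ == "__main__":
    for action, names in plan_import(EXISTING, INCOMING).items():
        print(f"{action}: {names}")
```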