Sonatype CLM Server - Policy Management Guide

Authors

Sonatype, Inc.: Manfred Moser, Jeff Wayman, Bruce Mayhew, Justin Young, Kelly Robinson

Table of Contents

1. Introduction
2. What is Sonatype CLM?
2.1. The Four Criteria of Governance
2.2. Enforcement Points and Communication
2.3. Summary
3. What is a Policy?
3.1. Basic Policy Anatomy
3.2. Organizations, Applications and Inheritance
3.3. Summary
4. Organization and Application Management
4.1. Organizational Structure
4.2. Creating an Organization
4.3. The Application to Application Link
4.4. Creating an Application
4.5. Organization, Application, and Inheritance
4.6. The Power of Inheritance
4.7. Avoiding Policy Micromanagement
4.8. Permissions and Roles
4.9. Summary
5. Policy Development
5.1. Advanced Anatomy of a Policy
5.2. Risk and Organizational Intent
5.3. Summary
6. Policy Management
6.1. Step 1: Understand the Policy Intent
6.2. Step 2: Decide on a Descriptive Policy Name
6.3. Step 3: Choose an Appropriate Threat Level
6.4. Step 4: Choose the Application Matching Parameters
6.5. Step 5: Create Constraints with Conditions
6.6. Step 6: Set Policy Actions
6.7. Summary
7. Policy Elements
7.1. What is a Label?
7.2. Creating a Label
7.3. Creating a Condition Based on a Label
7.4. What is a License Threat Group?
7.5. Creating a License Threat Group
7.6. Creating a Condition Based on a License Threat Group
7.7. What is a Tag?
7.8. Creating, Editing, and Deleting Tags
7.9. Applying a Tag
7.10. Matching Policies to Specific Applications
7.11. Viewing Tag-based Policies
7.12. Summary
8. Manual Application Evaluation
8.1. Evaluating via the CLM Server
8.2. Evaluating via the Stand-alone Scanner
8.2.1. Finding the Application ID
8.2.2. Using the Stand-alone Scanner
8.2.3. Additional Options
8.2.4. Stand-alone Scanner Example
8.3. Report Generation
8.4. Summary
9. Reviewing Evaluation Results
9.1. Accessing the Application Composition Report
9.2. Reviewing the Report
9.3. Summary
10. Importing Policies
10.1. Sonatype Example Policies
10.2. Importing a Policy to an Organization
10.3. Importing a Policy to an Application
10.4. Summary
11. Policy Monitoring
11.1. Setup Policy Monitoring for an Application
11.2. Configuring Notification Times
11.3. Summary
12. Conclusion