Sonatype CLM Server - Policy Management Guide
To scan and evaluate an application, you need to have created at least one organization and one application, and to have created or imported at least one policy at either the organization or application level. You also need the permissions required to view report information for the application you wish to scan.
While scanning can be initiated from various enforcement points (e.g. Sonatype CLM for CI, IDE, and Nexus Pro), the quickest way to get started is to perform a scan manually. This can be done using the stand-alone scanner or via the CLM server.
In both cases, the end result is a set of reports associated with the Sonatype CLM stage chosen during the manual evaluation. The two options differ only in how they are driven: the CLM server provides a graphical user interface (GUI) for uploading and scanning an application, while the stand-alone scanner offers similar options through a command line interface (CLI).
We’ll cover both of these options below, starting with the CLM Server.
Tip
It’s important to remember that both scanners produce the same report as the other enforcement point tools, such as Sonatype CLM for CI, IDE, or Nexus Pro.