Sonatype CLM Server - Policy Management Guide

Chapter 6. Policy Management

So you are ready to create your policy in the Sonatype CLM server. Great! If you have reached this point, it is important to be sure you have everything in place before you begin creating your own custom policies:

  • Organizations and applications are set up as desired in the Sonatype CLM server
  • Users have been assigned to these organizations and applications with the proper roles to fulfill your security requirements
  • You have determined the risks that apply to your organizational intent for the applications

If you haven’t done so, it’s also a good idea to write out the policies you want to create. While you will find the actual creation process is pretty easy, the more thought you put into your policies and how they are tied together, the better received they will be.

OK, you’ve been waiting long enough. Let’s start creating our very own policies, which we’ll do next.

Note

In the instructions below, we’ve highlighted creating a policy for an organization. However, creating a policy for an application is almost identical, with the only difference being that policies at the application level cannot have a tag applied to them.