Sonatype CLM Server - Policy Management Guide

Chapter 11. Policy Monitoring

At some point your applications will leave development, complete their final build, move beyond staging, and be officially released. Although an application in production should no longer change, the components it contains can still become a problem: new security vulnerabilities are disclosed and license issues surface for components that have not changed at all. For this reason, Sonatype CLM allows you to monitor individual policies for each application.

When a policy is monitored, you pick an application and the Sonatype CLM stage whose evaluation will serve as the base for evaluating policy. After that, we'll show you how to configure which policies you want to receive a notification for when a component is found to be in violation.

If some of this sounds familiar, that's good, because it is nearly identical to standard policy evaluation, component violations, and the notification option for policies. The only difference is that you choose which Sonatype CLM stage to use as the base for monitoring, and that is a powerful option.
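To make the mechanism concrete, here is an added illustration in Python. It is not Sonatype CLM code and does not use the CLM API; it models what the text describes with hypothetical data structures: a component list frozen at one stage, a vulnerability and license feed that changes over time, a policy evaluation identical to the one a build would run, and a monitor that reports only violations that are new since the last check and belong to policies you opted into for notification. The component coordinates, policy names, feed format and scores are all constructed for the example.

```python
"""Illustrative model of stage-based policy monitoring.

Added example, not Sonatype CLM code or its API. Everything here
(Component, Policy, the feed layout, the sample data) is hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Component:
    coordinates: str   # e.g. "org.example:web:1.0" (constructed)
    license: str


@dataclass
class Policy:
    name: str
    notify: bool                       # send an email when this policy is violated
    min_cvss: Optional[float] = None   # violate if any finding scores at or above this
    banned_licenses: FrozenSet[str] = field(default_factory=frozenset)


# A violation is (policy name, component coordinates).
Violation = Tuple[str, str]
# Feed: coordinates -> list of (finding id, CVSS score); ids are constructed.
VulnFeed = Dict[str, List[Tuple[str, float]]]


def evaluate(components, policies, vuln_feed: VulnFeed) -> Set[Violation]:
    """Run every policy over the component list against the current feed.

    This is the same evaluation a stage build would perform. Monitoring
    does not change the evaluation; it re-runs it on a frozen component
    list as the feed changes.
    """
    violations: Set[Violation] = set()
    for comp in components:
        scores = [cvss for _, cvss in vuln_feed.get(comp.coordinates, [])]
        for pol in policies:
            if pol.min_cvss is not None and any(s >= pol.min_cvss for s in scores):
                violations.add((pol.name, comp.coordinates))
            if comp.license in pol.banned_licenses:
                violations.add((pol.name, comp.coordinates))
    return violations


class StageMonitor:
    """Watches the component list captured at one stage (e.g. 'release')."""

    def __init__(self, app: str, stage: str, components, policies):
        self.app = app
        self.stage = stage
        self.components = tuple(components)   # frozen: production does not change
        self.policies = list(policies)
        self.seen: Set[Violation] = set()     # violations already reported

    def check(self, vuln_feed: VulnFeed) -> List[Violation]:
        """Re-evaluate against the current feed.

        Returns only violations that are new since the last check and that
        belong to a policy configured with notify=True, so a nightly run
        does not re-send yesterday's email.
        """
        current = evaluate(self.components, self.policies, vuln_feed)
        notify_for = {p.name for p in self.policies if p.notify}
        new = {v for v in current - self.seen if v[0] in notify_for}
        self.seen |= current
        return sorted(new)


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    comps = [Component("org.example:web:1.0", "Apache-2.0"),
             Component("org.example:crypto:2.1", "GPL-3.0")]
    pols = [Policy("Security-High", notify=True, min_cvss=7.0),
            Policy("License-Copyleft", notify=False,
                   banned_licenses=frozenset({"GPL-3.0"}))]
    mon = StageMonitor("webapp", "release", comps, pols)
    print("day 0:", mon.check({}))                      # license issue, but notify=False
    feed = {"org.example:web:1.0": [("EXAMPLE-FINDING-1", 9.8)]}
    print("day 1:", mon.check(feed))                    # new high-severity finding
    print("day 2:", mon.check(feed))                    # nothing new, no repeat email
```

The two design points worth noticing are the ones the chapter relies on: the component list is captured once from the chosen stage and never re-read from a build, and the notification filter is applied per policy, so a policy you do not opt into can be in violation without generating mail.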

In this section, we'll cover everything you need to set up policy monitoring at the organization and application level. We make a few assumptions:

  • You have your Sonatype CLM Server up and running, and accessible.
  • You have created an organization and an application, and have set up or imported some basic policies.
  • You are somewhat familiar with the Sonatype CLM Server.

If any of these sounds like a strange concept, you'll want to take a few steps back and go over those topics first. With that said, let's go monitor some policies.

Figure 11.1. Example of a Policy Monitoring Email (image: figs/web/clm-server-policy-monitoring-email-notification.png)


Note

Policy Monitoring is not available to customers with a Nexus CLM License. Contact your CLM Admin for additional information.