Logo Sonatype CLM A User Guide to Reports in Sonatype CLM
Documentation Index
Sonatype CLM Downloads
Document Descriptions
Release Notes

Sonatype CLM Server
Installation and Deployment Guide
Security Administration Guide
Policy Management Guide
Report User Guide

CI User Guide

IDE User Guide

Repository Manager User Guide

Nine Steps For Open Source Governance
Optimized Component Lifecycle Management with Sonatype CLM

A User Guide to Reports in Sonatype CLM

5.3. Claiming a Component

When a component is similar or unknown, yet you are certain the component is recognized by your organization, Sonatype CLM includes functionality to prevent that component from being identified as similar or unknown in future reports. In other words, Sonatype CLM allows you to to claim the component as your own.

Once claimed, that component will be known to the CLM server. It will no longer be treated it as Similar or Unknown, and instead result in an Exact.

figs/web/app-comp-report-claim-component.png

Figure 5.5. Claim a Component


  1. Access an application composition report.
  2. Click the Policy tab, and then click the Unknown or Similar component filter.
  3. Click the row of component you wish to claim in the list - the Component Information Panel is displayed.
  4. Click on the Claim Component section of the CIP .
  5. Enter values for the Group ID, Artifact ID, and Version (GAV). All of which are mandatory.
  6. As an option, enter the Maven coordinates classifier and extension (equivalent to type or packaging), the Created Date, and/or a Comment. The created date is initialized with the date of the youngest entry in the component to be claimed.
  7. Click the Claim button, to officially stake your claim for the component.

On review of the existing report, as well as those in the future, there is now an indicator that information about the component has been edited. When hovered over, a tooltip is displayed identifying that the component has been claimed.

We refer to this as the edited component tick mark (a small red triangle) on all future scans for this application, as well as any application with a valid Application ID on the CLM Server.

figs/web/app-comp-report-claimed-component.png

Figure 5.6. Claimed Component Indicator


In addition, the Component Info section for the claimed component will now have two new fields, one indicating the Identification Source is Manual, and the other, Identification Comment will include any comments that were entered.

Note

Once claimed, a component can not be edited. In addition, no popularity data is available for unknown claimed components. Finally, on the CIP, the last field, Source will display Manual, as opposed to Sonatype.