A User Guide to Reports in Sonatype CLM
As with matched components, Proprietary is one of the options in the Filter on the Policy tab of the application composition report. Unfortunately, there is often some confusion around identifying a proprietary component, so let's start with what a proprietary component is.
Simply put, proprietary components are those that are unique to your organization. In many cases they are developed by your organization itself and distributed among the applications you develop. In most cases such components are returned as Unknown. In reality they are very well known to you; they are just unknown to Sonatype CLM.
To address this, you can set up the Sonatype CLM server to automatically identify proprietary packages when an application is scanned. Matching components are then placed into the Proprietary filter. You still need to claim the components, but this helps you distinguish truly unknown components from those that simply aren't known to Sonatype CLM. To set up proprietary identification, follow these instructions:
- Log into your Sonatype CLM server.
- Click the global navigation drop-down, located just below the Sonatype CLM logo, and click Management.
- In the menu on the left, choose Configuration.
- Select Proprietary Packages in the sub menu.
- Add proprietary group parameters for components that are considered proprietary, e.g. com.sonatype, by typing in the field and then clicking the Add button.
- The button with the minus symbol can be used to remove entries.
Once your proprietary packages are configured, Sonatype CLM looks at each component and the package structure used for the code in it. If that structure matches your proprietary package configuration, the component is identified as proprietary and displayed as such in the reports. Existing reports are not re-evaluated against the new proprietary package configuration.
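The following is an added example, not Sonatype's code: it approximates the matching described above (a component's Java package structure checked against a list of proprietary package prefixes) so you can preview which of your Unknown JARs a given prefix list would claim before configuring the server. Package-boundary matching (com.sonatype covers com.sonatype.app but not com.sonatypex) and the rule that every package in the JAR must match for the whole component to count as proprietary are assumptions of this example, not documented Sonatype CLM behaviour.

```python
"""Preview how a proprietary-package prefix list would classify a JAR.

Added example, not Sonatype's implementation. The prefix list mirrors the
entries typed into Management > Configuration > Proprietary Packages.
"""
import io
import zipfile

# Constructed sample configuration (assumption, not from the guide).
PROPRIETARY_PACKAGES = ["com.sonatype", "org.example.internal"]


def packages_in_jar(jar_bytes):
    """Return the set of Java packages that contain .class files in the JAR."""
    packages = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            pkg, _, _ = name.rpartition("/")   # "" for the default package
            packages.add(pkg.replace("/", "."))
    return packages


def matches_proprietary(package, prefixes):
    """Return the configured prefix covering `package` on a package boundary, else None."""
    for prefix in prefixes:
        if package == prefix or package.startswith(prefix + "."):
            return prefix
    return None


def classify_jar(jar_bytes, prefixes=PROPRIETARY_PACKAGES):
    """Report which packages the configuration claims; proprietary only if all match."""
    pkgs = packages_in_jar(jar_bytes)
    proprietary = {p for p in pkgs if matches_proprietary(p, prefixes)}
    return {
        "proprietary": bool(pkgs) and proprietary == pkgs,
        "proprietary_packages": sorted(proprietary),
        "other_packages": sorted(pkgs - proprietary),   # e.g. shaded third-party code
    }


def build_jar(entries):
    """Construct an in-memory JAR with empty entries (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    inhouse = build_jar(["com/sonatype/app/Main.class", "com/sonatype/app/util/Io.class"])
    print(classify_jar(inhouse))
```

Run it against real JARs by passing the file bytes to classify_jar; a JAR that reports other_packages is one whose shaded or bundled third-party code would still not be covered by the prefix list.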