Logo Sonatype CLM Sonatype CLM Server - Policy Management
Documentation Index
Sonatype CLM Downloads
Release Notes
Document Descriptions and PDFs
Upgrade Instructions

Sonatype CLM Server
Installation and Configuration
Security Administration
Policy Management
Dashboard
Application Composition Report
REST APIs

Enforcement Points
Continuous Integration (CI)
IDE
Nexus
SonarQube

The CLM Book (All Guides)
Optimized Component Lifecycle Management with Sonatype CLM

Sonatype CLM Server - Policy Management

Chapter 6. Policy Creation

6.1. Step 1: Understand the Policy Intent
6.2. Step 2: Decide on a Descriptive Policy Name
6.3. Step 3: Choose an Appropriate Threat Level
6.4. Step 4: Choose the Application Matching Parameters
6.5. Step 5: Create Constraints with Conditions
6.6. Step 6: Set Policy Actions
6.7. Summary

So you are ready to create your first policy. Great! If you have reached this point, it is important to be sure you have everything in place before you begin creating your own custom policies:

  • Organizations and applications are set up as desired in the Sonatype CLM server.
  • Users have been assigned to these organizations and applications with the proper roles to fulfill your security requirements.
  • You have determined the risks that apply to your organization and/or applications.

If you haven’t done so, it’s also a good idea to write out the policies you want to create. While you will find the actual creation process is pretty easy, the more thought you put into your policies and their structure the better they will be.

Also, don’t forget, that once created, a policy needs to adjusted and modified over time. We refer to that more largely as Policy Management.

figs/web/clm-server-completed-policy.png

Figure 6.1. Completed Policy Example


[Note]

Our instruction follow the process for creating a policy for an organization. This is where most of your policies will be created. However, if you need to create an application-specific policy, just substitute application for organization.

We’ve decided to break policy creation into six total steps. Each step deals with a specific area of a policy and will be described in detail. Before you go to the first step, you should know there are two key ways to create a policy.

figs/web/clm-server-new-policy-create.png

Figure 6.2. Using New Policy Button


figs/web/clm-server-global-create.png

Figure 6.3. Using Global Create Button


There is really no difference here, as both require that you have the organization or application open at the time of creation. The one advantage with using the Global Create button is that you can create no matter which tab of the currently selected organization or application you are in.