Logo Sonatype CLM Sonatype CLM Enforcement Points - Nexus
Documentation Index
Sonatype CLM Downloads
Release Notes
Document Descriptions and PDFs
Upgrade Instructions

Sonatype CLM Server
Installation and Configuration
Security Administration
Policy Management
Dashboard
Application Composition Report
REST APIs

Enforcement Points
Continuous Integration (CI)
IDE
Nexus
SonarQube

The CLM Book (All Guides)
Optimized Component Lifecycle Management with Sonatype CLM

Sonatype CLM Enforcement Points - Nexus

5.1. Introduction

A Sonatype CLM evaluation of a Maven based software project can be assisted by the Sonatype CLM Maven plugin. It can take advantage of the dependency information contained in the project’s pom.xml files and the information about transitive dependencies available to Maven. It can be run on a command line interface and can therefore be executed on any continuous integration server.

When using the plugin on a multi-module project in most cases you will only configure an execution for the modules that produce components that will be deployed as an application. Typically these are ear files or war files for deployment on application servers or tar.gz or other archives that are used for production deployments or distribution to users. However you can also analyze a all modules of a project. This will largely depend on what your CLM policy is enforcing and what you want to validate.

The index goal of the plugin allows you to prepare data for analysis with Sonatype CLM for CI.

The attach goal aids your integration with Sonatype Nexus CLM Edition and the release process using the staging tools of Nexus.

The evaluate goal can trigger an evaluation directly against a Sonatype CLM server.

The help goal provides documentation for all the goals and parameters and you can invoke it with an execution like

mvn com.sonatype.clm:clm-maven-plugin:2.1.1:help