Sonatype CLM for Hudson and Jenkins

Chapter 4. Job Configuration

After a completed installation (see Chapter 2, Installation) and global configuration (see Chapter 3, Global Configuration) of Sonatype CLM for CI, you are ready to configure an invocation as part of a specific job.

Depending on the job type, the invocation is available as a pre-build step, a post-build step, or a main build step. The typical invocation is a main build step that runs after the package to be examined has been created; an example configuration from Jenkins is shown in Figure 4.1, “Sonatype CLM Build Scan Configuration for a Build Step”. A post-build step, as shown in Figure 4.2, “Post-build Action Configuration as Example for a Sonatype CLM for CI Configuration”, can be used as well. A pre-build step, or a main build step executed before your main build invocation, can be used to examine components that already exist in the workspace or that an earlier build step placed there.

[Figure image: figs/web/ci-jenkins-build-scan.png]

Figure 4.1. Sonatype CLM Build Scan Configuration for a Build Step


The configuration options for Sonatype CLM for CI invocations mimic the parameters from the global configuration described in Chapter 3, Global Configuration and are appended to the global parameters. The configuration parameters are:

Application name
The drop-down for application name should be populated with the names of all applications configured in your Sonatype CLM server and lets you select the desired application scanning configuration. The policies associated with that application are used to analyse the output of this build job.
Fail the build

Check this option if you want the build to fail when a CLM evaluation cannot be performed. Once checked, the build fails whenever the evaluation is not generated, whatever the reason.

For example, if the CLM server is inaccessible and this option is checked, the build fails. In the same situation with Fail the build left unchecked, the build is marked unstable instead.

CLM Stage

This is the stage against which the policy evaluation of the application/project is run. It also determines where the results appear when viewing report information on the CLM Server (for example, if you choose the Build stage, summary and dashboard violation results are displayed under that stage).

[Note]

Depending on how your policies are configured, this may impact warning and fail actions.

Scan targets
The scan targets setting controls which files are examined, using an Apache Ant-style pattern. The pattern is relative to the project workspace root directory, and the default is inherited from the global configuration.
Module excludes
Use this setting to exclude modules from the scan by listing their module information files. The default value is inherited from the global configuration.
Advanced options
A number of additional parameters can be supplied to the plugin using this input field. Typically these parameters will be recommended to you by the Sonatype support team.
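To make the scan targets and module excludes semantics concrete, here is an added Python example, not the plugin's own code, that applies Ant-style include and exclude patterns to a constructed list of workspace-relative paths. The patterns, file names and function names are assumptions; the plugin delegates matching to Apache Ant itself, so this only illustrates the pattern rules (`**`, `*`, `?`, and a trailing `/`).

```python
import re

# Ant wildcard tokens and their regular-expression equivalents.
_TOKENS = {
    "**/": "(?:.*/)?",   # zero or more directory levels, including none
    "**": ".*",          # everything below this point (trailing '**')
    "*": "[^/]*",        # any run of characters within one path segment
    "?": "[^/]",         # exactly one character within a path segment
}
_TOKENIZER = re.compile(r"\*\*/|\*\*|\*|\?|[^*?]+")

def _normalise(path: str) -> str:
    # Forward slashes only, and no leading "./" or "/": paths are workspace-relative.
    path = path.replace("\\", "/")
    return path[2:] if path.startswith("./") else path.lstrip("/")

def ant_pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an Apache Ant-style pattern into an anchored regular expression."""
    pattern = _normalise(pattern)
    if pattern.endswith("/"):          # Ant treats "dir/" as "dir/**"
        pattern += "**"
    body = "".join(_TOKENS.get(t, re.escape(t)) for t in _TOKENIZER.findall(pattern))
    return re.compile("^" + body + "$")

def select_scan_targets(workspace_files, includes, excludes=()):
    """Return the workspace paths matched by some include pattern and no exclude pattern."""
    inc = [ant_pattern_to_regex(p) for p in includes]
    exc = [ant_pattern_to_regex(p) for p in excludes]
    selected = []
    for rel in map(_normalise, workspace_files):
        if any(r.match(rel) for r in inc) and not any(r.match(rel) for r in exc):
            selected.append(rel)
    return selected

# Constructed sample workspace listing (an assumption, not taken from the documentation).
WORKSPACE_FILES = [
    "target/app-1.0.jar",
    "target/app-1.0-sources.jar",
    "target/classes/com/example/App.class",
    "lib/commons-io-2.4.jar",
    "build/libs/service.war",
    "src/main/java/com/example/App.java",
]

if __name__ == "__main__":
    # Evaluate built artifacts only, leaving source jars out of the policy scan.
    print(select_scan_targets(WORKSPACE_FILES, ["**/*.jar", "**/*.war"], ["**/*-sources.jar"]))
```

Note that `*.jar` without a leading `**/` matches only jars at the workspace root, which is the usual reason a scan target silently examines nothing.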
[Figure image: figs/web/ci-hudson-post-build.png]

Figure 4.2. Post-build Action Configuration as Example for a Sonatype CLM for CI Configuration