Sonatype CLM for Maven

7.1. Maven Plugin Setup

In our example setup for use with other IDEs, we add a plugin configuration for Sonatype CLM for Maven to the pom.xml file of the project we want to analyze, as documented in Example Configuration of Sonatype CLM for Maven. This configuration defines the serverUrl of the CLM server to contact for the evaluation, the applicationId that identifies the application in the CLM server to evaluate against, and the stage to use for the evaluation.

Example Configuration of Sonatype CLM for Maven. 

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>com.sonatype.clm</groupId>
        <artifactId>clm-maven-plugin</artifactId>
        <version>2.1.1</version>
        <configuration>
          <serverUrl>http://localhost:8070</serverUrl>
          <applicationId>test</applicationId>
          <stage>develop</stage>
        </configuration>
      </plugin>
    </plugins>
  </pluginManagement>
</build>

With this configuration in place a user can kick off an evaluation from the command line with mvn package clm:evaluate.

This will result in an output detailing the components to be analyzed, any policy violations and a link to the resulting report in the Sonatype CLM server.
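As an added example that is not part of the Sonatype documentation, the following Python script reads a pom.xml like the one above, extracts the clm-maven-plugin configuration (from build/plugins or build/pluginManagement/plugins) and reports a missing setting or a plain-http serverUrl that points at a non-local host. The element names are those shown above; the sample pom is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample pom.xml mirroring the configuration shown above.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>com.sonatype.clm</groupId>
          <artifactId>clm-maven-plugin</artifactId>
          <version>2.1.1</version>
          <configuration>
            <serverUrl>http://localhost:8070</serverUrl>
            <applicationId>test</applicationId>
            <stage>develop</stage>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
REQUIRED = ("serverUrl", "applicationId", "stage")


def clm_config(pom_xml):
    """Return the clm-maven-plugin <configuration> as a dict, or None if absent."""
    root = ET.fromstring(pom_xml)
    # The plugin may sit under build/plugins or build/pluginManagement/plugins.
    for plugin in root.iterfind(".//m:build//m:plugin", NS):
        if plugin.findtext("m:artifactId", namespaces=NS) != "clm-maven-plugin":
            continue
        cfg = plugin.find("m:configuration", NS)
        if cfg is None:
            return {}
        return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in cfg}
    return None


def check_config(cfg):
    """Return findings for a configuration dict; an empty list means it looks sane."""
    findings = [f"missing {key}" for key in REQUIRED if not cfg.get(key)]
    url = urlparse(cfg.get("serverUrl", ""))
    # Plain http is fine for a local server (as above); otherwise the request leaves the host unencrypted.
    if url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1"):
        findings.append("serverUrl uses plain http to a non-local host")
    return findings
```

Run it against a real pom.xml by passing the file contents to clm_config and then check_config.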

[Note]

To speed up the build you can skip test compilation and execution by passing -Dmaven.test.skip=true on the command line, since tests are not needed for the CLM evaluation.