The CLM Book - Optimized Component Lifecycle Management with Sonatype CLM
In an example scenario, let's say you have copied the sonatype-clm-scanner.jar as well as the application you want to examine to a specific directory, e.g. ~/clm-test. The application's filename is sample-application.zip.
To evaluate this application you have to identify the Sonatype CLM Application ID and supply it with the -i switch, as well as supply the URL of your CLM server with -s. As an option, and what is demonstrated below, you can also specify a particular stage with the -t switch.
The full command line for an Application ID Test123 and a URL of http://localhost:8070 is:
java -jar ./sonatype-clm-scanner.jar -i Test123 -s http://localhost:8070 -t release sample-application.zip
To access help content for Sonatype CLM for CLI, run it without supplying parameters:
java -jar ./sonatype-clm-scanner.jar
Go ahead and try an evaluation yourself. Sonatype CLM for CLI will accept a number of file types, including jar, war, and zip files. If your evaluation is successful, the log output of the command execution will provide a summary as well as a link to the produced results similar to:
[INFO] Policy Action: Warning
[INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
[INFO] The detailed report can be viewed online at http://localhost:8070/ui/links/application/my-app/report/95c4c14e
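The following is an added example, not part of the CLM book and not Sonatype's own tooling: a small POSIX shell gate that wraps the command line above and parses the summary lines it prints, so a CI job can fail on critical violations and still surface the report link. The variables SCANNER_JAR, APP_ID, CLM_URL, STAGE and APP_FILE, the threshold argument and the sample log are assumptions for illustration; the log format is the one quoted in the text.

```shell
#!/bin/sh
# Added example (not from the CLM book): a build gate around the
# Sonatype CLM for CLI invocation. It parses the evaluation summary lines
# the book shows and fails when critical violations exceed a threshold,
# printing the report link either way.
# Assumed, hypothetical inputs: SCANNER_JAR, APP_ID, CLM_URL, STAGE, APP_FILE.

# Run the evaluation exactly as in the book, capturing its log.
run_scan() {
  java -jar "${SCANNER_JAR:-./sonatype-clm-scanner.jar}" \
    -i "${APP_ID:-Test123}" -s "${CLM_URL:-http://localhost:8070}" \
    -t "${STAGE:-release}" "${APP_FILE:-sample-application.zip}" 2>&1
}

# Count for one severity from the summary line, e.g.
#   [INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
# $1 = scanner log, $2 = critical | severe | moderate
violation_count() {
  printf '%s\n' "$1" |
    sed -n "s/.*Summary of policy violations:.*[ ,]\([0-9][0-9]*\) $2.*/\1/p"
}

# The report URL from the "detailed report" line (empty if absent).
report_url() {
  printf '%s\n' "$1" | sed -n 's/.*viewed online at \(http[^ ]*\).*/\1/p'
}

# Gate: returns 0 when the critical count is <= $2 (default 0), 1 when
# above, and 2 when the log carries no summary (a failed evaluation).
gate() {
  log=$1; max_critical=${2:-0}
  crit=$(violation_count "$log" critical)
  if [ -z "$crit" ]; then
    echo "gate: no policy summary in scanner output" >&2
    return 2
  fi
  echo "gate: $crit critical, $(violation_count "$log" severe) severe;" \
       "report: $(report_url "$log")"
  [ "$crit" -le "$max_critical" ]
}

# Constructed sample log matching the book's output, so this runs offline.
SAMPLE_LOG='[INFO] Policy Action: Warning
[INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
[INFO] The detailed report can be viewed online at http://localhost:8070/ui/links/application/my-app/report/95c4c14e'

# Stand-alone demo on the sample; use "$(run_scan)" instead for a live run.
if gate "$SAMPLE_LOG" 0; then echo "gate: PASS"; else echo "gate: FAIL"; fi
```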
If using Sonatype CLM for CLI, and you kept our defaults, the report will be listed under Build Violations. You should see something similar to the results displayed in Figure 18.2, "Violations Report After an Evaluation".