Documentation Nexus IQ Server 1.16

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

4.6. Sonatype and Sonatype CLM

With the process of CLM outlined, you can clearly see the need for a set of tools that integrate into this new way of thinking. This is where Sonatype and Sonatype CLM come into play. Of course, that raises several new questions:

  • Who is Sonatype?
  • What is Sonatype CLM?
  • How does Sonatype CLM work?
  • Which component ecosystems does Sonatype CLM support?

4.6.1. Who is Sonatype?

Maven, Nexus, and The Central Repository are perhaps the most familiar names associated with Sonatype, and Sonatype CLM is the newest name to join these ranks.

If you’re interested in the Sonatype story, head over to our web page; it is the best place to get started and read all about Sonatype.

4.6.2. What is Sonatype CLM?

Sonatype CLM is the suite of tools and products dedicated to optimizing your component lifecycle management efforts. We do this by offering products that allow different stakeholders and participants to collaborate on their CLM efforts, with suitable, easy-to-use tools that add value across the enterprise.

In essence, we are working to do away with the scan-and-scold mentality of managing components. Instead, we want to provide your teams with the information they need early in the development process. We believe that being able to make informed decisions when selecting components is essential to success.

Sonatype CLM supports a number of different tasks and activities, including, but not limited to:

  • Development in an IDE
  • Build via Continuous Integration Servers
  • Release Management
  • Production Monitoring

This integration can range from embedded GUI interfaces all the way to custom plugins and command line functionality. The key thing to remember is that no matter what system you are using, Sonatype CLM can find a way to evaluate your application and deliver the necessary information to everyone involved.

4.6.3. How does Sonatype CLM work?

Sonatype CLM makes use of Sonatype’s HDS (Hosted Data Services), which records security, license, and architecture information for the supported open source component ecosystems.

This information is, in some cases, exclusive to Sonatype (i.e. the Central Repository) and, in all cases, constantly refined using the most up-to-date sources available.

The type of information available for components can vary, but it generally falls into these three categories:

  • Security Vulnerabilities
  • License Analysis
  • Architecture (e.g. Age, Popularity and Usage)

4.6.4. Which component ecosystems does Sonatype CLM support?

Sonatype CLM isn’t just about Java components, though that’s where we started. As you will see, we also provide detailed information for other component ecosystems, such as NuGet (associated with Microsoft .NET development). A brief description of each is provided below.

The Central Repository and Java
Managed by Sonatype, the Central Repository (or "Central") is the largest repository of components for the Java ecosystem. It is the default repository in Apache Maven, the most widely used build system for Java development, and most other build systems can also use it as a component source.

Of course, Central isn’t the only repository we collect information on; access to additional repositories is available as well.

NuGet and the .NET Framework
Originally founded by Microsoft, but now independently managed by the Outercurve Foundation, NuGet provides open source components for .NET development.

In cooperation with Microsoft and NuGet, Sonatype’s HDS regularly reviews NuGet packages to identify any known issues related to license, security, and architecture.