Documentation Nexus IQ Server 1.16

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

20.4. Example Evaluation

In an example scenario, let’s say you have copied the sonatype-clm-scanner.jar as well as the application you want to examine to a specific directory e.g. ~/clm-test. The application’s filename is sample-application.zip.

To evaluate this application you have to identify the Sonatype CLM Application ID and supply it with the -i switch, and supply the URL of your CLM server with -s. Optionally, as demonstrated below, you can also specify a particular stage with -t.

The full command line for an Application ID Test123 and a URL of http://localhost:8070 is

java -jar ./sonatype-clm-scanner.jar -i Test123 -s http://localhost:8070 -t release sample-application.zip

To access help content for Sonatype CLM for CLI, run it without supplying parameters:

java -jar ./sonatype-clm-scanner.jar

Go ahead and try an evaluation yourself. Sonatype CLM for CLI will accept a number of file types, including jar, war, and zip files. If your evaluation is successful, the log output of the command execution will provide a summary as well as a link to the produced results similar to:

[INFO] Policy Action: Warning
[INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
[INFO] The detailed report can be viewed online at http://localhost:8070/ui/links/application/my-app/report/95c4c14e
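As an added example (not part of the Sonatype documentation or the scanner itself), the following POSIX shell script wraps the command line shown above and parses the log output the scanner prints, so a build can be gated on the violation counts. The scanner path, server URL, Application ID and stage are taken from the example above and are assumptions for your environment; the log lines embedded in the script are constructed from the sample output above.

```shell
#!/bin/sh
# Added example, not Sonatype's code. Wraps the sonatype-clm-scanner.jar
# invocation documented above and parses the summary lines it logs.
# Assumptions: jar path, server URL, Application ID and stage below; the
# log format is the one quoted in the documentation.

SCANNER_JAR="${SCANNER_JAR:-./sonatype-clm-scanner.jar}"
CLM_SERVER="${CLM_SERVER:-http://localhost:8070}"
APP_ID="${APP_ID:-Test123}"
STAGE="${STAGE:-release}"
# DRY_RUN=1 only prints the command so the script runs offline; set to 0 to
# actually invoke the scanner against a real CLM server.
DRY_RUN="${DRY_RUN:-1}"

# Constructed sample log, modelled on the output quoted in the documentation.
SAMPLE_LOG='[INFO] Policy Action: Warning
[INFO] Summary of policy violations: 4 critical, 85 severe, 46 moderate
[INFO] The detailed report can be viewed online at http://localhost:8070/ui/links/application/my-app/report/95c4c14e'

# Build (and, unless DRY_RUN=1, execute) the documented command line:
# -i application id, -s server URL, -t stage, followed by the artifact.
run_scan() {
  artifact="$1"
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "java -jar $SCANNER_JAR -i $APP_ID -s $CLM_SERVER -t $STAGE $artifact"
  else
    java -jar "$SCANNER_JAR" -i "$APP_ID" -s "$CLM_SERVER" -t "$STAGE" "$artifact"
  fi
}

# Read scanner output on stdin and print the count for one severity
# (critical, severe or moderate) from the "Summary of policy violations" line.
count_severity() {
  sev="$1"
  awk -v sev="$sev" '
    /Summary of policy violations/ {
      for (i = 1; i < NF; i++)
        if ($(i + 1) ~ ("^" sev)) { print $i; exit }
    }'
}

# Read scanner output on stdin and print the report link it contains.
report_url() {
  awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^https?:\/\/.*\/report\//) { print $i; exit } }'
}

# Gate: succeed (return 0) only if the critical count in the given log text
# does not exceed the allowed maximum (default 0).
gate() {
  log="$1"
  max_critical="${2:-0}"
  crit=$(printf '%s\n' "$log" | count_severity critical)
  crit="${crit:-0}"
  if [ "$crit" -gt "$max_critical" ]; then
    printf 'FAIL: %s critical violations (max %s), see %s\n' \
      "$crit" "$max_critical" "$(printf '%s\n' "$log" | report_url)" >&2
    return 1
  fi
  printf 'OK: %s critical violations (max %s)\n' "$crit" "$max_critical"
  return 0
}

# Stand-alone demonstration on the constructed log.
run_scan sample-application.zip
gate "$SAMPLE_LOG" 4 || true
```

With DRY_RUN=0 and a reachable CLM server, pipe the scanner's output into a file and pass its contents to gate, which exits non-zero when the critical count exceeds the threshold, letting a CI job stop on the scanner's own summary line rather than on a manual reading of the report.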
Figure 20.2. Violations Report After an Evaluation


[Note]

If you are using Sonatype CLM for CLI and kept the defaults, the report is listed under Build Violations. You should see results similar to those displayed in Figure 20.2, “Violations Report After an Evaluation”.