Now that you have Sonatype CLM for CLI set up, you are ready to evaluate an
application. As a Java application, it can be started using the java
command,
and adding the necessary parameters. The syntax below represents the minimum set
of options required to evaluate an application:
java -jar [scanner jar] -i [application id] -s [server URL] [target]
scanner jar
./sonatype-clm-scanner.jar
.
--authentication
-a
, enter the user name:password (e.g.
MyUserName:MyUserPassword
).
Authentication will permit (or prevent) the ability to submit an application for evaluation, as well as retrieve the summary results and URL. At this time, it is not required. |
--application-id
-i
, enter the application id for your application (see
instructions above).
--server-url
-s
enter the location of your CLM server (e.g.
http://localhost:8070
).
Target
jar
,
war
, ear
, tar
, tar.gz
, zip
and many others.
Listed in the options below, you can specify the specific CLM stage. However, if you do not include this option the system will default to the Build stage. |
There are several additional options that can be used in the construction of the syntax for evaluating an application with Sonstype CLM for CLI.
--fail-on-policy-warnings
-w
will cause a failure of the evaluation if any warnings are
encountered. By default, this is set to false.
--ignore-system-errors
-e
, allows you to ignore any system errors (e.g. IO, Network,
server, etc.). This is most helpful when using Sonatype CLM for CLI with
continuous integration servers, as these errors can cause the unintentional
failure of a build.
--proxy
-p
, you can specify a proxy to use in connecting to the CLM
Server. The format is <host[:port]>.
--proxy-user
-U
, you can specify credentials for the proxy. The format is
<username:password>.
--result-file
-r
, you can specify the name and location of a JSON file that
will store the results of the policy evaluation in a machine-readable format.
--stage
-t
, you can specify the Sonatype CLM stage you wish the
report to be associated with. This is an optional parameter, and if it is not
specified, the report will be associated with the Build stage by default.
At this time only the Build, Stage Release, and Release stages will display a report in the CLM Reports Dashboard. For a full list of stages, use the CLI help provided with the tool. |
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia