Documentation Nexus IQ Server 1.24

Chapter 15. Sonatype CLM and Continuous Integration

The idea of continuous integration is that software development efforts are much easier to manage when test failures and other bugs can be identified closer to the time they were introduced into a complex system. As a consequence, the differences between the working and the failing system are smaller and therefore easier to detect.

The term continuous integration was coined by Martin Fowler and Kent Beck in their book Extreme Programming Explained, published in 1999. They introduced the idea of creating a system that continuously builds your software and executes any tests against it on a regular basis, all in response to any changes to the source code.

Since its introduction, the use of continuous integration servers has become an established and well-understood best practice across the entire software development industry.

A number of commercial as well as open source servers are now available, either for installation in your own infrastructure or as a managed service running remotely. Typical CI installations often comprise a number of servers that run the actual builds and are orchestrated by one master. The builds running on the CI servers range from simple compile builds to large integration test suites or regression tests run in an automated fashion. In addition, CI servers are increasingly used for continuous deployment, where a series of successful build and test runs results in actual production deployment of the software.

Sonatype CLM can analyze the components used in your software development for security and license characteristics. When integrated with a continuous integration server, this becomes a dynamic analysis performed on a regular basis, potentially with each build running on the server.

Depending on your application server software, you can use Sonatype CLM with Hudson and Jenkins, Bamboo, the CLI or Maven.

Each of these tools lets you perform a full security and license analysis of the artifacts produced by the configured build, backed by your Sonatype CLM server, and gives you access to the analysis report.