Once configured and the component analysis is completed a component view will look similar to the example displayed in Figure 19.5, “Example Component Info View”. The list of components will reflect an analysis of the build path.
For Maven projects we include the compile and runtime scopes in the CLM evaluation. If you wish to include additional dependencies found in provided, test, and system scope, these can be configured. |
The top left-hand corner of the Sonatype CLM for Eclipse Component Info view displays either the number of projects currently being examined in the view, or the name of the specific project. Next to that, the number of components found, and the number of components shown in the list is displayed.
The top right-hand corner provides a number of buttons to access the following features of Sonatype CLM for Eclipse:
Open Component Details::
Opens another window with more details about the selected component including policy violations, license analysis and security issues.
The left-hand side of the view contains the list of components found in the project and identified by their artifact identifier and version number. A color indicator beside the components signals potential policy violations. The right-hand side of the view displays the details of the selected component from the list on the left.
You may notice some components are black or gray. This indicates components you have included (black) in your application, versus components that are included via a transitive dependency (gray). |
By clicking on the list header on the left, the list can be ordered by the threat level of the policy a component has violated. In cases where there is no violation, the threat is simply light blue.
When you select a specific component in the list, the details, various properties, and a visualization of the different versions is displayed to the right of the list.
Depending on your screen size, the visual display may be shown below the component list. Try adjusting your screen size, or adjusting the panel. |
The details of a specific component as displayed in Figure 19.6, “Details for a Component in the Component Info View” include properties about the component and provide access to further features:
groupId
the component was published with. In many cases this is
equivalent with the reverse domain name of the organization responsible for the
deployment or running the project.
artifactId
of the component acts as a short and ideally descriptive
name.
version
of the component. A version string ending in -SNAPSHOT
signifies a transient, in development version, any other version is a release
version.
The visualization chart displayed in Figure 19.6, “Details for a Component in the Component Info View” shows a number of properties for different, available versions of the selected component. Older versions are displayed on the left and newer versions on the right. Click on any section in the visualization, and all information for that particular version will be highlighted, with the specific version number at the bottom. In addition, the details for that version of the component will display in the left-hand list of properties. Arrows to the left and right of the visualization allow you to view the full range of available versions.
The properties displayed include:
You will likely notice a number of colors within the visualization chart. The value for each of these colors is as follows:
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia