Noob Notes: A New User Perspective on the CLM Eclipse IDE Plugin

Author, Dan Rollo

After spending some time with the Sonatype CLM plugin for Eclipse, I found myself using a number of features outside the normal security and license policy tools, and instead using the features for general development tasks. These features, which I’ll discuss in detail below, include filtering the component list, using the “Website: i-button” link and automatically updating a Maven project pom.

To see these features in action, you first need to set up the plugin. If you don’t have the plugin installed, the official Sonatype CLM for IDE docs can walk you through the plugin setup. Don’t forget you will need access to a Sonatype CLM server in order to use the IDE plugin.

Improving the View

After I first installed and configured the CLM Eclipse plugin to connect to a CLM server, I noticed the “Component Info” tab listed all components for every project open in Eclipse. This seemed a bit unwieldy, and filtering the list to a single project made more sense for me. I followed the “Filter the Component List” instructions in the Sonatype CLM for IDE docs to show only components for a selected project. In the “Filter Component View” dialog, I clicked the second option, “Current Selection Project(s).”

Once the Component List was filtered, it looked something like this:

[Screenshot: the filtered Component List]

The first feature to catch my eye was the “black” vs. “gray” components in the list. This simple representation of explicitly declared (black) dependencies vs. transitive (gray) dependencies was immediately useful in understanding why certain components are included in the application.

By default, this flattened list of dependencies only includes Maven “runtime” scoped dependencies. You could also view “test” scoped items by changing the plugin configuration for “Additional Maven Scopes”.

Little-Big Feature

Now that the components list is being evaluated against a CLM policy, you can select an individual component to see more details. There is a bunch of useful information here, but one tidbit I wish was available from other tools is the modest “Website: i-button” link.

Clicking the “Website: i-button” opens the selected component’s web page in the upper pane of the IDE. Usually, I have to take a half dozen different steps outside my IDE to find the same component-specific web page. One click beats six clicks any day. If browsing in the IDE feels cramped, the component web page URL is also clearly visible, so you can copy/paste it into an external browser, if desired.

Making Changes Made Easy

The next surprising feature is the “Migrate” button. In the context of fixing policy violations, a common method to resolve a violation is to upgrade a component to a version that complies with the policy. This usually requires searching the Internet for the component project page, and researching what versions are available, then finally updating the project pom to use a newer version of the component. Developers do this so often, even for non-policy related reasons, that it becomes second nature. The CLM Plugin includes a graphical representation of all the available versions of a component. This Component Information Panel (or CIP) is clickable, and when you select a different version of the component, the “Migrate” button becomes available. This is well documented in the chapter: Migrating to Different Component Versions.

The nifty part is when you click the “Migrate” button, the plugin offers to update your pom to use the selected version of a component, with previews of the changes to be made, and plenty of chances to cancel the change.

While editing the pom by hand is not a huge task, automation is a big help. Having all the information about a particular component viewable in the IDE combined with easily moving to different component versions is very helpful, even when doing work that has nothing directly to do with fixing policy violations in an application.
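The by-hand pom edit described above can also be scripted. The following is an added example, not code from the original post or from the Sonatype plugin: a Python script that changes the declared version of one dependency and builds a diff preview before anything is written, including the case where the version comes from a Maven property. The sample pom, its coordinates and the function names `migrate` and `preview` are constructed for illustration.

```python
import difflib
import re

# Constructed sample pom; coordinates and versions are made up for this example.
SAMPLE_POM = """<project>
  <properties><widgets.version>1.2.0</widgets.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>widgets</artifactId>
      <version>${widgets.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>gadgets</artifactId>
      <version>3.0.1</version>
    </dependency>
  </dependencies>
</project>
"""
DEP_RE = re.compile(r"<dependency>.*?</dependency>", re.S)

def _tag(block, name):
    m = re.search(rf"<{name}>\s*([^<]*?)\s*</{name}>", block)
    return m.group(1) if m else None

def migrate(pom, group_id, artifact_id, new_version):
    """Return pom text with one explicitly declared dependency moved to new_version."""
    swap = lambda x: x.group(1) + new_version + x.group(2)
    for m in DEP_RE.finditer(pom):
        block = m.group(0)
        if (_tag(block, "groupId"), _tag(block, "artifactId")) != (group_id, artifact_id):
            continue
        current = _tag(block, "version")
        if current is None:
            raise ValueError("version is inherited, not declared in this block")
        prop = re.fullmatch(r"\$\{(.+)\}", current)
        if prop:  # version comes from a property: edit the property, keep the reference
            name = re.escape(prop.group(1))
            new_pom, n = re.subn(rf"(<{name}>)[^<]*(</{name}>)", swap, pom, count=1)
            if n == 0:
                raise ValueError("property is not defined in this pom")
            return new_pom
        new_block = re.sub(r"(<version>)[^<]*(</version>)", swap, block, count=1)
        return pom[:m.start()] + new_block + pom[m.end():]
    raise ValueError("dependency is not declared directly in this pom (transitive?)")

def preview(old, new):
    """Unified diff of the proposed change, to review before writing pom.xml."""
    return "".join(difflib.unified_diff(old.splitlines(True), new.splitlines(True),
                                        "pom.xml", "pom.xml (proposed)"))
```

A transitive ("gray") component has no `<dependency>` block of its own in the pom, so `migrate` raises for it rather than guessing where to edit.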

I hope you find these features useful, either for resolving policy violations, or just for doing development.

Dan Rollo

Dan Rollo is a Java Developer with nearly twenty years of experience designing enterprise systems and writing unit tested code using best of breed tools. He's a huge proponent of Open Source Software, Continuous Integration, Agile methodologies, and remote, distributed teams who will gladly infect the minds of others with similar compulsions. When not coding, he's out sailing on Barnegat Bay or tending to his herd of lawn-mowing robots.
