CLM articles

Author, Brian Fox

Nexus Lifecycle 1.15 Release

The Sonatype CLM 1.15 (Nexus Lifecycle) release focuses predominantly on improving security administration functionality. As part of this, you will likely notice some changes with regard to the associated interface in these areas. Here’s a breakdown of the improvements in this release. Details follow this summary: Built-in roles and permissions visibility Custom roles creation Java

SonarQube + Nexus Lifecycle.

Integrating SonarQube with Nexus Lifecycle

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality. Customers using Nexus Lifecycle (formerly CLM) want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing

Marcel de Vries

License and Vulnerability Tracking for NuGet Packages with Nexus Lifecycle

At the Microsoft MVP Summit in Seattle, Danijel Malik from SSW TV talked with Marcel de Vries on using Nexus Lifecycle (formerly CLM) to manage licensing and vulnerability tracking for NuGet packages. (Video embedded below.) Marcel first walks through how the proxy works and then demonstrates the use of the dashboard in Nexus Lifecycle to expose and

Author, Derek Weeks

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source and third-party components within your Java application. Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code

Author, Derek Weeks

Real World Experiences: Blackboard

As part of a new series we’re calling ‘Real World Experiences’ we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series covering Blackboard, the world’s leading education technology company. Blackboard challenges conventional thinking and

Author, Brian Fox

Product Update: CLM 1.14 Released

We’d like to announce the availability of the 1.14 Nautilus release. Highlights of this release are: Notification panel to stay up-to-date on CLM announcements Optionally force authentication by tools, with new roles to restrict access Send notifications to roles as well as specific email addresses System logging of user actions Vulnerability details provided within the

Author, Dan Rollo

Noob Notes: A New User Perspective on the CLM Eclipse IDE Plugin

After spending some time with the Sonatype CLM plugin for Eclipse, I found myself using a number of features outside the normal security and license policy tools, and instead using the features for general development tasks. These features, which I’ll discuss in detail below, include filtering the component list, using the “Website: i-button” link and

Mark Kilby and Jeffry Hesse

Talking the Talk – Focus on Goals, not Best Practices (Part 2)

by Mark Kilby and Jeffry Hesse In our last blog post, we discussed how it’s better to set process goals versus best practices across teams in your organization. We’d like to continue that thought by discussing another goal we set for our distributed teams: Talking Daily. This goal definitely aligns with principles of the Agile

Author, Derek Weeks

Sonatype and Bamboo: Improving Your Builds

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified. By catching the issues during CI builds, development teams can quickly address open source policy