Component Lifecycle Management (CLM) Policy Workshop

Course Overview

The CLM Policy Workshop introduces the core concepts behind CLM policies, which drive guidance and enforcement throughout the software lifecycle. The workshop takes a comprehensive look at policy construction and explains how policies drive issue detection, notification, and lifecycle-appropriate actions. Attendees will learn how to interpret violation results, triage violations, and refine policies over time. The workshop also addresses how to understand and communicate policy results so that organizations can reduce the risk of open source software usage throughout the entire software lifecycle.

Goals for this course include:

  • Understanding the benefits of Sonatype CLM
  • Learning the basics of policy creation and management
  • Understanding policy development for different organization and application types
  • Establishing proficiency in policy violation resolution
  • Learning about enforcement and implementation strategies using Sonatype CLM
  • Becoming proficient at resolving policy violations
Format:

  Classroom, on-site or online. Custom also available.

Cost:

  Multiple options are available and prices may vary. Please contact us at

Detailed CLM Policy Workshop Outline

Module 1 : Introduction to CLM

  • Understanding the risk and magnitude of OSS consumption
  • Building a good component practice
  • Finding your place in the CLM deployment model
  • The role of CLM policy

Module 2 : CI Plugin Installation & Configuration

  • Configuring CLM to represent your organizational structure
  • Learn about policy inheritance
  • Best practices for setting up organizations and applications

Module 3 : Anatomy of a Policy

  • Deep dive into features/functions of policy elements
  • Using labels, license threat groups, and security
  • Categorizing and constructing policy
  • Enforcing component consumption

Module 4 : Using Sonatype Default Policies

  • Using CLM policies to communicate open source risk tolerance
  • Overview of Security, License, Architecture, and Component policies
  • Managing policies

Module 5 : Policy Verification

  • Verifying the accuracy of policy elements
  • Validating policy based on organizational risk tolerance

Module 6 : Policy Triage

  • Ensuring issues are actionable
  • Learning policy-specific triage workflows
  • Evaluating policy exceptions

Module 7 : Reporting

  • Discussion of various types of reports, such as trending reports

Module 8 : Socializing Expectations

  • Bridging the developer gap
  • Discussing scanning philosophies for component selection and governance
  • Describing developer communication processes

For information, please email us at