News and Notes from the Makers of Nexus | Sonatype Blog

CLM Customer Impressions

Written by Derek Weeks | April 30, 2013

We thought it would be interesting to share some of the feedback that we are getting from early CLM customers.

Check out the CLM product tour to see more and come back to the blog to post your impressions.

Policy & governance

  • "Just by using the CLM we are enforcing policy." - Dev Manager
  • "A week is too long to wait for approval. The CLM automates the process and provides visibility." - Agile developer
  • "For products to effectively govern, they must have high usability. With CLM, it's really easy to build and reuse policies - there are no special tools that are required, just a Web browser." - Lead Architect
  • "Integrating disparate data (from other security tools) while automating policy is transformative for our processes." - CISO

Simplicity

  • "If you can't make it simple, you can't make it secure." - Enterprise Architect
  • "We need a zero overhead approach that doesn't require weeks of user training. That's what we have experienced with other alternatives - but your approach is different." - Dev Manager
  • "The CLM reduces the impedance for developers that results in non-compliance. Your policy enforcement approach eliminates the biggest reason for developers not to comply with FOSS policies - you eliminate delays caused by manual component reviews." - Security Analyst
  • "If you can't make governance simple, you're creating more barriers to making it secure." - CISO
  • "We didn't have to learn new tools; information we need to take action is in the tools we use." - CTO

Nexus users

  • "We have been using Nexus for years and the Nexus Pro features are interesting. Since we are really focused on security, the CLM is what we need." - Dev Manager
  • "Don't build the tool to be tool agnostic… Maven is all you need!" - Maven Fanatic <Editorial note: the CLM is tool agnostic, it is designed to support multiple IDEs, Repo Managers, Build & CI tools>

OSS management

  • "You are the only company that combines component binary repository with FOSS governance: a single view and repository (approvals + component metadata + binaries + promotion model)." - Open Source Board Manager

Remediation support

  • "With the CLM, I can quickly replace flawed components in my application without leaving the IDE." - Lead developer

Securing your apps

  • "You help support our 'defense in depth' strategy - CLM provides centralized FOSS rule management with multiple enforcement points (IDE, CI server, binary repo, deployment promotion, etc.)." - CISO
  • "For products to effectively govern, they must have high usability. With CLM, it's really easy to build and reuse policies - there are no special tools that are required, just a Web browser." - Security Admin

CLM complements security scanners

  • "When we presented CLM to the security team Fortify… they were very excited… they liked it because they can focus their efforts on code built in house." - Application Architect
  • "Sonatype provides the ability to identify issues early in the process, that decreases our development cost. Using Sonatype will allow the Fortify team to focus on things that are more likely to have issues." - Dev Manager

CLM: It's better than the competition!

  • "When you have as many apps as we do and you can't scan them automatically… and you don't have a degree in rubbish… vendors that require long scan times that produce a lot of results don't work for an organization of our size." - Architect Manager
  • "With vendors that have long scan times… you can't have those lead times, we need to be able to know whether a component is suitable to use right away. There is also no way to tie it into our system, it was simply opt in… people have to submit things and it takes several days to get it approved. We can't wait for this, we are under pressure to deliver… we are going to forge ahead, we are going to ask for forgiveness." - Lead Developer