Policy Hierarchy & Inheritance: Simplified Policy Management
By Derek Weeks
We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management.
Jeff Wayman does a great job of describing these new capabilities in the release notes - and, don't worry, these are not dry, technically oriented release notes. Jeff explains why these features are relevant and points to instructions on how to take advantage of them.
Here is a quick synopsis of the key features:
Policy Support
- Policy Hierarchy and Inheritance - policies can now be administered at the organization level. Organization policies are applied to all of the applications associated with a policy, while application level policies accommodate specific application requirements. Organizations make it easier to define and maintain policies, reducing potential errors and saving time.
- Organizational License Threat Groups & Labels - License Threat Groups and Labels are supported at the organization level. This means that a threat group applies to all applications attached to the organization. Organizational labels can be used when creating conditions and can be applied to the applications assigned to the organization.
- Waivers - waivers can be used so that a specific policy violation can be ignored for a particular component. This allows you to easily manage exceptions where a policy violation is not relevant to a component or you have taken mitigating actions.
UI Enhancements
- The Sonatype development team prides itself on intuitive design. The development team's continued focus on usability has resulted in a new UI that will serve as a foundation for additional capabilities and interface options. In this release, Management and Reports are supported. Management is where Organizations, Applications, Policies, and Policy Elements are created, viewed, edited, and deleted. The Reports area follows this same path, providing easy access to the most recent report for a specific application, utilizing a Grid similar to what was previously available.
Documentation & Getting Started
- Most vendors treat this as a "me too" feature, but the development team continues to do a great job of providing useful documentation and getting started guides. This is complemented by work that our sales engineers and services professionals do to make Sonatype products easy to install and use. We even have options that provide clear value in 20 days - if you are interested in this program, just let us know. The getting started guides are listed at the bottom of the Knowledge Base article on downloading and installing Sonatype CLM.
Existing customers will need to go through a one-time installation change to take advantage of the organization capability - Sonatype will assist you in this effort. Just contact us when you are ready to go.
Let us know what you think of the latest release!
Thanks, Mark
Written by Derek Weeks
Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.