Nexus Lifecycle Policy Workshop

Course Overview

The Nexus Lifecycle Policy Workshop, formerly Component Lifecycle Management (CLM) Policy Workshop, introduces the core concepts around Nexus Lifecycle policies that drive guidance and enforcement throughout the software lifecycle. The one-day workshop focuses on defining and configuring the rules for component use and learning best practices for continuous component governance.

Key accomplishments:

  • Understand key policy creation and management concepts
  • Test the policy to ensure actionable findings
  • Develop strategies to refine policies over time
  • Learn about approaches to ongoing enforcement

Format: Classroom, on-site or online. Custom formats are also available.

Detailed Nexus Lifecycle Policy Workshop Outline

Module 1: Introduction to Nexus Lifecycle

  • Understand the risk and magnitude of OSS consumption
  • Building a good component practice
  • Finding your place in the Nexus Lifecycle deployment model
  • The role of Nexus Lifecycle policy

Module 2: CI Plugin Installation & Configuration

  • Configuring Nexus Lifecycle to represent your organizational structure
  • Learn about policy inheritance
  • Best practices for setting up organizations and applications

Module 3: Anatomy of a Policy

  • Deep dive into features/functions of policy elements
  • Using labels, license threat groups, and security
  • Categorizing and constructing policy
  • Enforcing component consumption

Module 4: Using Sonatype Default Policies

  • Using Nexus Lifecycle policies to communicate open source risk tolerance
  • Overview of Security, License, Architecture, and Component policies
  • Manage policies

Module 5: Policy Verification

  • Verifying the accuracy of policy elements
  • Validating policy based on organizational risk tolerance

Module 6: Policy Triage

  • Ensuring issues are actionable
  • Learning policy-specific triage workflows
  • Evaluating policy exceptions

Module 7: Reporting

  • Discussion of various types of reports, such as trending reports

Module 8: Socializing Expectations

  • Bridging the developer gap
  • Discussing scanning philosophies for component selection and governance
  • Describing developer communication processes


For information, please email us at