Why are my proprietary components still marked unknown?

The Nexus IQ Server requires that each component considered "matched" have a GAV (group, artifact, version) that the server recognizes. These matches can be exact or similar. When a component has no GAV, it is considered "unknown" to the Nexus IQ Server. This is important because you should know every component that exists in your applications.

However, a situation arises where components are identified as proprietary (based on your proprietary component configuration), yet still remain unknown. This is because they haven’t been given a GAV, something the Nexus IQ Server needs to truly consider a component "matched".

While some organizations choose to do so, it is not necessary for you to claim every component. This can be handled by policy. If you are using the Sonatype Sample policies, it’s already included for you in the "Unknown" policy.

[Image: Sonatype CLM "Unknown" sample policy]

What allows proprietary components to remain "unknown" yet pass this policy without a violation is the second condition:

"Proprietary" "is false".

In other words, if the component is NOT proprietary, and is also unknown, a violation will occur.

You can add the same option to any policy. You just need to make sure the constraint includes the Proprietary condition and is set to match all conditions.
