Project Commencement (1st year)
Schedule a Champion's Workshop
The Sonatype Lifecycle Champions Workshop introduces advanced concepts on reporting and remediation workflows.
A one-day workshop on training the champions who will train your development teams.
Schedule a champion's workshop after your policy workshop.
Establish a workflow for violation remediation and risk management
View remediation best practices for details.
Configure notifications for newly discovered violations
Initial scans are noisy as you fine-tune your policies
Provide development teams time to review the initial reports
Automate notifications for newly discovered violations only
Report successes and challenges while reviewing desired outcomes
Avoid nagging on technical debt. The scan-and-scold is rarely effective
Track achievable goals to celebrate developer success
Measure against initial outcomes to keep your goals in focus
Socialize expectations and train development teams
Hands-on training is more successful than email links to a scan report.
Use common socializing tools to set expectations and provide immediate support.
Lunch and learns
Developer workshops
Slack channels
Component remediation catalog
Remediation decision trees and workflows
Use short-term waivers for issues that will take longer to complete