Documentation Nexus IQ Server 1.16


8.3. Advanced Anatomy of a Policy

Branching beyond the simple concept of If/Then statements, let’s break a policy down into each part you can interact with, keeping an eye on the policy editing screen displayed in Figure 8.1, “CLM Server Policy Example”.


Figure 8.1. CLM Server Policy Example


Policy Name
This name will be displayed on the Policy tab in the application composition report. Others will see this regularly, so it should be unique, clear, and concise.
Threat Level
A number from 10 to 0, color coded (red, orange, yellow, dark blue, and light blue), that represents the perceived severity if this policy is violated. The number is also used to determine the order in which policy violations are displayed.
Constraints

Each policy must have at least one constraint. When a constraint is fulfilled, a policy violation occurs. A constraint itself consists of the Constraint Name and at least one condition. Make sure the Constraint Name clearly identifies the conditions that you have added for the constraint.

Conditions
A condition is considered the if part of an if-then statement. A wide range of conditions is possible, each with its own set of values you can choose from.
Any/All
Any/all is required when there are multiple conditions. This tells the policy whether all of the listed conditions, or simply any of them, must be met in order to have a policy violation.
Actions

The then part of an if-then statement. The action chosen here will be taken when the policy constraint and its associated conditions have been met.

Stage
These stages represent the enforcement point. They are Develop, Build, Stage Release, Release and Operate.
Warn and Fail
Each enforcement point for each stage can be configured to cause a Warn(ing) or a Fail(ure).
Custom
This action allows you to select an email, or emails, to send notification to when new policy violations have occurred.
[Note]

When viewing policy violations counts, please keep in mind that despite the number of constraints fulfilled, only one policy violation is counted.
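The following added example (not code from the product or its documentation) models the anatomy described above: constraints combine conditions with Any/All, each policy maps stages to Warn or Fail, and a policy is counted as one violation no matter how many of its constraints are fulfilled. The class names, field names, sample condition fields (`cvss`, `age_years`, `license`) and the highest-threat-first ordering are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Illustrative model; class and field names are hypothetical, not an IQ Server API.
@dataclass
class Constraint:
    name: str
    conditions: list      # predicates over a component dict (the "if" part)
    match: str = "all"    # Any/All: how multiple conditions combine

    def fulfilled(self, component):
        combine = all if self.match == "all" else any
        return combine(cond(component) for cond in self.conditions)

@dataclass
class Policy:
    name: str
    threat_level: int     # 10 down to 0
    constraints: list     # at least one
    actions: dict = field(default_factory=dict)  # stage -> "Warn" or "Fail"

def evaluate(policies, component, stage):
    """Return this component's violations at one enforcement stage."""
    violations = []
    for p in policies:
        hit = [c.name for c in p.constraints if c.fulfilled(component)]
        if hit:  # counted once per policy, however many constraints matched
            violations.append({"policy": p.name, "threat": p.threat_level,
                               "constraints": hit, "action": p.actions.get(stage)})
    # Assumption: display order is highest threat level first.
    return sorted(violations, key=lambda v: v["threat"], reverse=True)

# Constructed sample component and policies (condition fields are invented).
COMPONENT = {"cvss": 9.1, "age_years": 6, "license": "GPL-3.0"}
POLICIES = [
    Policy("License-Copyleft", 7, [
        Constraint("Copyleft family", [lambda c: c["license"].startswith("GPL"),
                                       lambda c: c["license"].startswith("AGPL")], "any"),
    ], {"Release": "Warn"}),
    Policy("Security-High", 9, [
        Constraint("Critical score", [lambda c: c["cvss"] >= 9]),
        Constraint("Old and vulnerable", [lambda c: c["cvss"] >= 7,
                                          lambda c: c["age_years"] > 5], "all"),
    ], {"Build": "Warn", "Release": "Fail"}),
    Policy("Component-Age", 2, [Constraint("Very old", [lambda c: c["age_years"] > 10])]),
]

if __name__ == "__main__":
    for v in evaluate(POLICIES, COMPONENT, "Release"):
        print(v["threat"], v["policy"], v["action"], v["constraints"])
```

In the sample, Security-High has two fulfilled constraints but still yields a single violation, and a policy with no action configured for a stage is reported without a Warn or Fail.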

Now that we understand the different attributes of an individual policy, you’re likely eager to create your own policy. However, we suggest you consider importing our Sample Policy Set, which we’ll tackle in the next section. Feel free to create your own policy at any time, though.