Documentation Nexus IQ Server 1.16

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

11.10. Policy Reevaluation

You will likely find a number of consistent themes throughout the Sonatype CLM documentation. One of these is that regular policy review and refinement should be part of your company's approach to component lifecycle management.

Accomplishing this successfully could mean regularly rebuilding applications or publishing them to repositories several times over. And if you have to wait for builds, it might be hours before a scan is able to run.

This isn’t an issue linked to Sonatype CLM, but rather the length of time it takes to build your application. Whatever the reason, access to the new results can be delayed, and the change you made to policy or statuses might not even have made a difference. You’ll soon need to make another change, and then wait again. Luckily, Sonatype CLM provides an alternative. It allows you to reevaluate the results of a scan in the form of an application composition report, using the existing component information from the scan and evaluating it against the current policies, which you might have changed since the last build and analysis.

To address this, you can use policy reevaluation to see how your changes affect the current policy. The policy reevaluation button is located in the top right of the application composition report (to the left of the PDF Export/Printer icon). Simply click this button, displayed in Figure 11.42, “Application Composition Report Buttons For Printing and Reevaluation”, and any policy changes you’ve made will be considered against the data of the current report.

Figure 11.42. Application Composition Report Buttons For Printing and Reevaluation


Alternatively, you can reevaluate policies right from the application configuration screen in the Sonatype CLM server. Simply find your application, and locate the report for the stage you want to reevaluate under the application name beside the icon. Any stage that had a report processed will have a reevaluation icon right beside the stage name.

Of course, it’s possible other data in the application could have changed, and that might not be realized until the next build. However, this will give you a good idea of how immediate policy changes impact any violations you currently have.

[Note]

Policy Reevaluation will not enact any actions you may have attached to your policies.