For the purposes of this documentation, we’ve established that policy is a broad term used to encapsulate the rules and actions aimed at identifying and preventing risk associated with the components used in your applications. However, "rules" on its own is a somewhat generic description. Ultimately, rules have conditions, in much the same way an If/Then statement does.
In fact, that’s one of the easiest ways to break down the various elements of a policy. That is, a policy simply says that if something happens, then perform a certain action. If a component meets a set of criteria, then take a certain action, or in some cases no action at all.
If it’s still a bit fuzzy, an example will probably help. Let’s say we have a known rule in our development organization that says if a component used in an application has a security vulnerability, the application cannot be released. To enforce it, we tell our development team to review components before release, and if a component has a security issue, we don’t promote the release.
Congratulations, you have formed, at least in the aether, your first policy. Of course, you’re still very likely exposed to quite a bit of risk, and need to improve the policy so it works throughout the development lifecycle. From this point forward, we’ll refer to this process as policy management.
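To make the If/Then structure concrete, here is a small policy evaluator written for this page as an added example; it is not Sonatype code and does not reflect how the product stores or evaluates policies. It encodes the release rule from the example above (any security vulnerability blocks the release) and goes slightly beyond it with two assumed rules, one that only warns and one that matches but takes no action at all. The component data, rule names, and the "fail"/"warn"/"none" action set are all constructed for illustration.

```python
"""Policy as If/Then rules: a constructed illustration, not Sonatype's model.

A component is a plain dict. Each Rule pairs a condition (the "if") with an
action (the "then"). Evaluating a component returns every rule that matched
and the most severe action among them, which is what a release gate acts on.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# Actions ordered from least to most severe. "none" models a rule that
# matches but deliberately takes no action (informational only).
ACTION_RANK = {"none": 0, "warn": 1, "fail": 2}


@dataclass
class Rule:
    name: str
    condition: Callable[[Dict[str, Any]], bool]  # the "if"
    action: str                                   # the "then"


@dataclass
class Policy:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, component: Dict[str, Any]) -> Dict[str, Any]:
        """Return the matched rule names and the most severe resulting action."""
        matched = [r for r in self.rules if r.condition(component)]
        action = max((r.action for r in matched), key=ACTION_RANK.get, default="none")
        return {
            "component": component["name"],
            "action": action,
            "triggered": [r.name for r in matched],
        }


# The page's rule: a component with any security vulnerability blocks release.
# The other two rules are assumptions added to show warn and no-action cases.
RELEASE_POLICY = Policy("release-gate", [
    Rule("security-vulnerability",
         lambda c: len(c.get("vulnerabilities", [])) > 0, "fail"),
    Rule("unknown-license",
         lambda c: c.get("license") is None, "warn"),
    Rule("outdated-version",
         lambda c: c.get("latest_version") != c.get("version"), "none"),
])

# Constructed sample components; names, versions and the vulnerability id are
# placeholders, not real coordinates or advisories.
SAMPLE_COMPONENTS = [
    {"name": "example-lib-a", "version": "1.2.0", "latest_version": "1.2.0",
     "license": "Apache-2.0",
     "vulnerabilities": [{"id": "PLACEHOLDER-VULN-1", "cvss": 7.5}]},
    {"name": "example-lib-b", "version": "2.0.0", "latest_version": "2.1.0",
     "license": "MIT", "vulnerabilities": []},
    {"name": "example-lib-c", "version": "0.9.1", "latest_version": "0.9.1",
     "license": None, "vulnerabilities": []},
]


def gate_release(policy: Policy, components: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Evaluate every component; the release is blocked if any rule says 'fail'."""
    results = [policy.evaluate(c) for c in components]
    blocked = any(r["action"] == "fail" for r in results)
    return {"release_allowed": not blocked, "results": results}


if __name__ == "__main__":
    outcome = gate_release(RELEASE_POLICY, SAMPLE_COMPONENTS)
    for r in outcome["results"]:
        print(f"{r['component']}: {r['action']} {r['triggered']}")
    print("release allowed:", outcome["release_allowed"])
```

Running the script against the sample data blocks the release because of example-lib-a, while example-lib-b matches only the informational rule and example-lib-c produces a warning. The point of the structure is that adding a rule, or changing its action, does not require touching the evaluation logic; that separation is what lets a policy grow across the lifecycle rather than living only in a pre-release review.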
Copyright © 2008-present, Sonatype Inc. All rights reserved.