The topics discussed in this chapter require IQ Server with one of the following licenses: Lifecycle, Firewall, or Auditor.
For the purposes of this documentation, we have established that policy is a broad term used to encapsulate rules and actions for identifying and preventing risk associated with the components used in your applications. This can include components that enter your repository, or those that already exist in your applications.
However, rules is in some ways a rather generic description. Ultimately, rules have conditions, much in the same way an If/Then statement does.
In fact, that is one of the easiest ways to break down the various elements of a policy: a policy simply says that if something happens, then perform a certain action. In the case of IQ Server, a policy determines what to do if a component meets a set of criteria. For example, a certain action could be taken (e.g. quarantine a component in the repository or fail a build), or in some cases, no action at all.
If it is still a bit fuzzy, an example will probably help. Let's say we have a known rule in our development organization that says if a component used in an application has a security vulnerability, the application cannot be released. To enforce this, we tell our development team to review components before release, and if a component has a security issue, we don't promote the release.
Congratulations, you have formed, at least in the aether, your first policy. Of course, you are still very likely exposed to quite a bit of risk, and need to improve the policy so it works throughout the development lifecycle. From this point forward, we'll refer to this process as policy management.
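As an added illustration of this if/then model (this is not IQ Server's own policy engine or configuration format; the policy names, thresholds, stage names and component records are all constructed for the example), a small evaluator that checks each component against the conditions and applies the action configured for the current lifecycle stage:

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Actions ordered from least to most severe; the overall outcome for a
# component is the most severe action of any matching policy.
SEVERITY = {"no action": 0, "warn": 1, "fail": 2}

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    max_cvss: float   # highest CVSS score among its known vulnerabilities, 0.0 if none
    license: str

@dataclass(frozen=True)
class Policy:
    name: str
    condition: Callable[[Component], bool]   # the "if" part
    actions: Dict[str, str]                  # the "then" part, keyed by lifecycle stage

# Constructed example policies (hypothetical names and thresholds, not IQ Server defaults).
POLICIES = [
    Policy("Security-Critical", lambda c: c.max_cvss >= 9.0,
           {"build": "warn", "stage-release": "fail", "release": "fail"}),
    Policy("Security-High", lambda c: 7.0 <= c.max_cvss < 9.0,
           {"build": "warn", "release": "fail"}),
    Policy("License-Copyleft", lambda c: c.license in {"GPL-3.0", "AGPL-3.0"},
           {"release": "warn"}),
]

# Constructed example components; the names, versions and scores are made up.
COMPONENTS = [
    Component("example-lib", "1.2.3", 9.8, "Apache-2.0"),
    Component("example-parser", "0.9.0", 0.0, "GPL-3.0"),
    Component("example-util", "2.0.0", 7.5, "MIT"),
]

def evaluate(policies: List[Policy], component: Component, stage: str) -> List[Tuple[str, str]]:
    """List (policy name, action) for every policy whose condition the component meets.
    A matching policy with no action configured for this stage yields "no action"."""
    return [(p.name, p.actions.get(stage, "no action"))
            for p in policies if p.condition(component)]

def decide(policies: List[Policy], component: Component, stage: str) -> str:
    """Overall outcome for a component at a stage: the most severe matching action."""
    matches = evaluate(policies, component, stage)
    return max((a for _, a in matches), key=SEVERITY.get, default="no action")
```

The same policy produces different outcomes per stage, which is the point of extending a release-only rule across the lifecycle: `example-lib` only warns at build but fails at release.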
Copyright © 2008-present, Sonatype Inc. All rights reserved.