To get started with policies in IQ Server, it is strongly recommended that you download the Sample Policy Set and import it into an organization, as described in the section below. Creating policies from scratch can be a complex and labor-intensive process, and the Sample Policy Set will give you a head start.
To begin, there are several fundamental questions to ask yourself about risk and the components you use:
You can download the Sample Policy Set, for import into an organization, from here:
Sonatype-Sample-Policy-Set.json
The sample set contains policies for detecting and managing security, licensing, architectural, and popularity issues and includes some advanced policy features like application categories, component labels, and license threat groups. This policy set can help you gather information about the components used to build applications (including unknown and patched components), and understand how policy management will work for your environment.
Once the Sample Policy Set is downloaded, you can import it by following the instructions in the next section.
The Sonatype Sample Policy Set is designed for use at the organization level. If you try to import the sample set into an application, you will receive an error message.
After you acquire a policy file (in a .json format) such as the Sample Policy Set, follow these steps to import it into IQ Server.
If you want to import policies into an organization or application with existing policies (or application categories, component labels, and/or license threat groups), you should consider the following rules:
Importing policies also includes application categories, component labels, and license threat groups for which the following logic is used: