At times, you may want to be notified when applications no longer in development (or being built on a regular basis) have components that violate a policy. For example, you’d like to learn of any security vulnerabilities or licensing issues that may arise after applications are deployed. Continuous Monitoring lets you use existing policies with notifications to constantly watch (once a day) for new violations at a specific development stage (such as Release).
Use Continuous Monitoring judiciously. If too many messages are sent for minor violations, it could result in notification fatigue for your development team. You may want to limit the monitoring to policies that detect high-risk violations, like security vulnerabilities or license concerns.
Setting up Continuous Monitoring is a two-step process. First, you turn on Continuous Monitoring at the organization or application level, and specify which stage of the development lifecycle to monitor. Second, you turn on Continuous Monitoring at the policy level by creating a notification and selecting Continuous Monitoring in a policy. Each of these steps is described in more detail below.
Step 1: The Application or Organization Level
Continuous Monitoring, by default, is turned off for the Root Organization. Because all organizations and applications inherit policy settings from the Root Organization, it is turned off for those entities as well. You can turn on Continuous Monitoring for individual applications, or an organization (the parent) and all of its associated applications (the children). You also specify which stage of the development lifecycle to monitor.
To turn on Continuous Monitoring for an application or organization:
Step 2: The Policy Level
When you turn on Continuous Monitoring at the policy level, you identify who should receive an email message whenever an evaluation finds a violation of the current policy at the development stage specified in Step 1.
To turn on Continuous Monitoring in a policy:
If you perform Step 1, but omit Step 2, no notifications of policy violations will be sent when a Continuous Monitoring evaluation is run. You must perform Step 1 and Step 2 for Continuous Monitoring to work properly.
Turning off Continuous Monitoring
To turn off Continuous Monitoring:
In the Continuous Monitoring view, click whichever of the following options is displayed:
If an organization or application’s parent has monitoring enabled, there is no way to disable its monitoring and the option will read Inherit from [parent] (Monitored Stage). Monitoring must be disabled throughout an organization or application’s hierarchy in order to disable it.
Setting the Notification Time
Once Continuous Monitoring is turned on, you may want to consider the time of day that notifications are sent. By default, they are sent at 0000 hours or 12:00 a.m. (per IQ Server time). You can change the notification time setting in IQ Server’s config.yml file as follows:
# Hour of the day(0-23) to schedule Policy Monitoring execution. The default is midnight.
policyMonitoringHour: 0