Documentation Nexus IQ Server 1.18

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

10.10. Policy Reevaluation

You will likely find a number of consistent themes through this documentation. One of these is that regular policy review and refinement should be part of your company’s approach to policy management.

Accomplishing this successfully could potentially mean regularly rebuilding applications or publishing them to repositories several times over. Not to mention that in the case of waiting for builds, you might wait hours before an evaluation is able to run.

While there are a variety of reasons this can happen (e.g. build times are slow), the important thing is that access to the new results could be delayed. If you’ve made a change to policy you won’t be able to tell if that made a difference. Then it’s highly likely, you’ll need to make another change, and then wait again. Luckily there is an alternative which allows you to reevaluate the results of an evaluation.

Using the existing component information from the most recent evaluation against the current policies - which you might have changed since the last build and analysis - you can update an Application Composition Report.

To do this, you can use policy reevaluation to see how your changes affect the current policy. The policy reevaluation button, located in the top right of the Application Composition Report (to the left of the PDF Export/Printer icon). Simply click this button displayed in Figure 10.42, “Application Composition Report Buttons For Printing and Reevaluation”, and any policy changes you’ve made will be considered against the data of the current report.

figs/web/app-comp-report-buttons-icon.png

Figure 10.42. Application Composition Report Buttons For Printing and Reevaluation


Alternatively you can reevaluate policies right from the application configuration screen in the IQ Server. Simply find your application, and locate the stage for the Application Composition Report you want to reevaluate under the application name beside the icon. Any stage that had a report processed will have a reevaluation icon right beside the stage name.

Of course, it’s possible other data in the application could have changed, and that might not be realized until the next build. However, this will give you a good idea of how immediate policy changes impact any violations you currently have.

[Note]

Policy Reevaluation will not enact any actions you may have attached to your policies.