Setting up policies can be quite complex and labor-intensive. To make the process easier and give you a head start, we have created some sample policies and provide an import feature.
We actually recommend you don’t begin by creating a bunch of policies right out of the gate. Instead, we’ve created a set of policies, which include other policy elements such as labels and license threat groups, that you can import into the IQ Server.
Eventually, and there is a very short time between now and eventually, you will need to create, or at least modify, policies. For now, we’ll want to focus on populating your organizations and applications with the sample policy set.
The sample policy set can be downloaded here:
Sonatype-Sample-Policy-Set.json
This policy set is an example of managing components for security, licensing, and architectural issues. It also introduces the detection of unknown and patched components used in building your applications. The sample policy set can be used to gather information about the components used to build your applications without warnings and failures occurring in the developer, build, or Nexus environments.
This is the perfect set of policies to use in order to gather information and understand how policy management will work for your environment, without potentially distracting the people who are building and delivering your applications.
The sample policy set includes several preset tags. The tags have been used in the Application Matching area for a number of the included policies. Policies using the tags will be indicated by a special tag icon. In order to utilize the policies, you must have applied the corresponding tag to your application(s). For more information on tags, please see the Tags section of the Advanced Policy Management chapter.
Once you have acquired the policy file to import, you can follow these steps:
If you are importing to an organization that already has some policies, labels, license threat groups, and/or tags set up, consider the following rules:
Importing policies also includes an import of associated policy elements (labels, license threat groups, and tags). The following logic will be used for Policy Elements:
An application inherits policies from the organization. However, it can be useful to have additional policies for fine-grained control.
The policy information will be imported, and the following rules will be applied: