Nexus Documentation - Nexus IQ Server 1.20

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

TOC

Prev : 7.7. Understanding the Parts of a Policy
Next : Chapter 8. Advanced Policy Management (Component Labels, License Threat Groups, and Application Categories)

7.8. Continuous Monitoring of Applications

At times, you may want to be notified when applications no longer in development (or being built on a regular basis) have components that violate a policy. For example, you’d like to learn of any security vulnerabilities or licensing issues that may arise after applications are deployed. Continuous Monitoring lets you use existing policies with notifications to constantly watch for new violations at a specific development stage (such as Release).

Continuous Monitoring, by default, is turned off for the Root Organization. Because all organizations and applications inherit policy settings from the Root Organization, it is turned off for those entities as well. You can turn on Continuous Monitoring for individual applications, or an organization (the parent) and all of its associated applications (the children). You specify which stage of the development lifecycle to monitor. An email message is sent out when there are new policy violations found during the Continuous Monitoring policy evaluation for the selected stage.


	Use Continuous Monitoring judiciously. If too many messages are sent for minor violations, it could result in notification fatigue for your development team. You may want to limit the monitoring to policies that detect high risk violations, like security vulnerabilities or license concerns.

Before activating Continuous Monitoring, you should do the following:

Make sure you have sufficient permissions to modify policies. At a minimum, you should be assigned to the Owner role for the application or organization you want to monitor.
Make sure the policies desired have monitoring notifications defined.

To turn on Continuous Monitoring:

Click the Manage Applications and Organizations icon on the IQ Server toolbar.
In the sidebar, select the organization or application whose policies you want to monitor.
In the Policy section, under Continuous Monitoring, click the chevron next to Do Not Monitor.
In the Continuous Monitoring view, click the desired stage.
Click Update to turn on Continuous Monitoring.

Figure 7.8. Continuous Monitoring View

To turn off Continuous Monitoring:

Click the Manage Applications and Organizations icon on the IQ Server toolbar.
In the sidebar, select the desired organization or application.
In the Policy section, under Continuous Monitoring, click the chevron next to the stage that’s being monitored.
In the Continuous Monitoring view, click whichever of the following options is displayed:
- For the Root Organization, click Do not monitor.
- For other organizations and applications, click Inherit from [parent] (Do not monitor).
Click Update to save your change.


	If an organization or application’s parent has monitoring enabled, there is no way to disable its monitoring and the option will read Inherit from [parent] (Monitored Stage). Monitoring must be disabled throughout an organization or application’s hierarchy in order to disable it.

Setting the Notification Time

Once Continuous Monitoring is turned on, you may want to consider the time of day that notifications are sent. By default, they are sent at 0000 hours or 12:00 a.m. (per IQ Server time). You can change the notification time setting in IQ Server’s config.yml file as follows:

# Hour of the day(0-23) to schedule Policy Monitoring execution. The
default is midnight.

policyMonitoringHour: 0

TOC

Documentation Nexus IQ Server 1.20

7.8. Continuous Monitoring of Applications