Proprietary components are unique or internal to your organization. When you evaluate an application that uses proprietary components, IQ Server is unlikely to find data about those components; they are probably listed under “Unknown” on the “Policy Violations” tab in the Application Composition Report. However, you can configure IQ Server to recognize those components as proprietary.
When you configure proprietary components, you use system hierarchy levels to set the scope for identifying the components:
You also specify a string search pattern called a proprietary component matcher that IQ Server uses to find proprietary components. If matching components are found, they are displayed under Proprietary on the Policy Violations tab in the Application Composition Report. There are two types of proprietary component matchers: Package and Regular Expression, which are described below.
Package Matchers
For Package, you specify a package name, for example, com.sonatype
. In this case, all components that
contain a package com/sonatype
will be marked as proprietary. You should be as specific as
possible, for the provided package is compared greedily against your scanned binaries. For instance,
com.sonatype
will match all of the following content locations:
On the other hand, the following locations will not be matched:
Regular Expression Matchers
For Regular Expression, you specify a regular expression that will be compared against the paths of all files
scanned. If a file is found in the path, it is flagged as proprietary. For example, test\.zip
will recognize
anything in the top level directory named test.zip as proprietary. If you wanted to find test.zip nested anywhere
in the scanned binaries, use .*/test\.zip
.
Occurrences inside an identified archive will make the binary proprietary as well. For example, if a
proprietary |
For more information on regular expressions, see Oracle’s Java documentation.
To configure proprietary components:
The policy is in violation if all of the following are true:
This constraint excludes proprietary components from triggering policy violations.
Terms of Service Privacy Policy
Copyright ©
2008-present, Sonatype Inc. All rights reserved. Includes the
third-party code listed here. Sonatype and Sonatype Nexus are trademarks
of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache
Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
All other trademarks are the property of their respective owners.
Sonatype Headquarters - 8161
Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8251 Greensboro Drive #610, McLean, VA
22102
Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia