This process allows users to approve the usage of a component in a specific project. With this, the person or persons responsible for this task are accountable for the status and can approve or reject the usage of a component.
The component approver role
Any existing user can become an approver by being assigned the permission ‘projects component approver’. With this permission, users will be granted access to the approval interface on the projects they are part of. The role of the approver requires that the user has the knowledge to approve the usage of a component from a technical and legal perspective.
Requirements
The approver permission needs to be assigned to the desired users by the administrator.
The component approval interface
Approvals are project based. You can access the component approval interface from the project’s grid.
All users assigned to the project can access the approval interface. Only users with the permission ‘projects components approver’ will be able to approve or reject the component usage.
Users without this permission will see only approval information.
Users can generate an HTML report of the approved components at any time.
Approving or rejecting a component
If the appropriate permission is assigned, the user will be able to change the approval status of a component from the approval interface.
Users can also view the approval log to see the history of the requests.
Approval by policy
FossID allows creating policies to automatically either approve or reject components depending on the component license. A user with the permission APPROVAL_POLICY_GLOBAL can manage these policies from the policy interface accessed from the main menu: Projects → Approval Policy.
Actual approval requests will only be sent to component approvers for licenses with the “Manual” policy.
Generating approval requests
Approval requests are generated from the scan interface. When a scan has a project assigned, users will be able to automatically create requests for the identified components. This will include only files ‘marked as identified’.
Approval requests will only be created if no other request already exists for a specific component and version.