Project policy management rules let users automatically generate warnings for scan findings that match either a license category or a specific license.
The project policy management rule creator
Policy rules for a project can be created by users who hold the ‘Update any project’ permission or who are a member or owner of the project.
The ‘Update any project’ permission has to be assigned to the desired users by an administrator.
The policy management rules interface
Users can access the policy management interface from the project’s grid.
Create a policy management rule
Users can create a new policy management rule by clicking the ‘Add policy rule’ button.
The new policy rule form offers two rule types: ‘Category’ and ‘License’.
If the chosen rule type is ‘Category’, pick a license category from the drop-down list and click the ‘Create rule’ button to save the new project policy rule.
If the chosen license category is ‘permissive’, every scanned file in the project that was identified by a license from the ‘permissive’ category, or by a component whose license is in that category, will generate a policy warning on the scan file view page.
If the chosen rule type is ‘License’, click the input field and start typing the name of the specific license, then click the ‘Create rule’ button to save the new project policy rule.
If the chosen license is, for example, ‘MIT License’, every scanned file in the project that was identified by the ‘MIT License’, or by a component under the ‘MIT License’, will generate a policy warning on the scan file view page.
Policy management rules must be unique within a project. If a user tries to create the same rule twice for a project, the app displays an error in the creation form.
Update a policy management rule
Users can update a policy management rule by clicking the three-dots menu -> Edit rule.
Delete a policy management rule
Users can delete a policy management rule by clicking the three-dots menu -> Delete rule.
Information about policy management warnings on the projects and scans pages
On the projects list page, the policy warnings counter for each project displays the sum of all of that project’s scan warnings (scan identification warnings + scan component dependency warnings).
On the scans list page, the policy warnings counter for each scan displays the sum of that scan’s warnings (scan identification warnings + scan component dependency warnings).
On the scan page, information about policy warnings is displayed on:
The identified tab
The dependencies tab
The scan file view
Users can see statistics of the policy warnings for a particular scan by clicking the phrase: This scan has ‘number’ identified files and ‘number’ dependencies that are not compliant with your project’s policy rules.
To see all the files that match a particular policy management rule, expand the list by clicking the arrow next to the rule.
Ignoring policy management warnings
Users can ignore project policy management rule warnings.
To ignore a policy rule warning for one particular file, add the ‘not distributed’ flag to that file.
Once a file carries the ‘not distributed’ flag, its policy warning icon disappears and the file is no longer counted in the warning totals.
Users can ignore the policy warning for every file that was identified by a component with a warning in two clicks: first click the policy warning icon next to the component on the file view page, then click the tip that appears.
If a file was identified only by a license with a warning, the user can ignore that warning either by clicking ‘Add not distributed flag’ or by clicking the warning icon next to the license. The result is the same: the warning is ignored only for this particular file.
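The following Python model ties together the rule semantics described above (Category and License rule types, the uniqueness check, how a file is matched through its own license or its component’s license), the warning counters (identified files + dependencies, summed per scan and per project) and the ‘not distributed’ ignore flag (per file, or for every file of a component). It is an added illustration written for this page, not the tool’s own code; the class and function names, the license-to-category map and the sample scan data are all constructed assumptions.

```python
"""Toy model of project policy rule evaluation.

Illustrative reimplementation of the behaviour this page describes.
NOT the product's own code: names, the category map and the sample
scan data below are assumptions made for the example.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed license-to-category map (hypothetical; the real tool has its own).
LICENSE_CATEGORY = {
    "MIT License": "permissive",
    "Apache License 2.0": "permissive",
    "BSD-3-Clause": "permissive",
    "GNU LGPL v2.1": "weak copyleft",
    "GNU GPL v3.0": "copyleft",
}

RULE_TYPES = ("Category", "License")


@dataclass(frozen=True)
class PolicyRule:
    rule_type: str  # 'Category' or 'License', the two choices in the rule form
    value: str      # a category name or an exact license name

    def matches(self, license_name: str) -> bool:
        if self.rule_type == "License":
            return license_name == self.value
        return LICENSE_CATEGORY.get(license_name) == self.value


@dataclass
class ScanFile:
    path: str
    license: Optional[str] = None            # license identified on the file itself
    component: Optional[str] = None          # component the file was identified by
    component_license: Optional[str] = None  # that component's license
    not_distributed: bool = False            # the ignore flag described on the page

    def licenses(self) -> List[str]:
        # A file matches through its own license OR its component's license.
        return [lic for lic in (self.license, self.component_license) if lic]


@dataclass
class Dependency:
    name: str
    license: str


class ProjectPolicy:
    def __init__(self) -> None:
        self.rules: List[PolicyRule] = []

    def add_rule(self, rule_type: str, value: str) -> PolicyRule:
        if rule_type not in RULE_TYPES:
            raise ValueError(f"unknown rule type {rule_type!r}")
        rule = PolicyRule(rule_type, value)
        if rule in self.rules:  # rules must be unique per project (form error)
            raise ValueError(f"rule {rule_type}={value!r} already exists")
        self.rules.append(rule)
        return rule

    def delete_rule(self, rule: PolicyRule) -> None:
        self.rules.remove(rule)

    def file_warnings(self, f: ScanFile) -> List[PolicyRule]:
        # A 'not distributed' file raises no warning and is not counted.
        if f.not_distributed:
            return []
        return [r for r in self.rules if any(r.matches(l) for l in f.licenses())]

    def dependency_warnings(self, d: Dependency) -> List[PolicyRule]:
        return [r for r in self.rules if r.matches(d.license)]

    def scan_counts(self, files, deps) -> dict:
        # Scans-list counter: identified-file warnings + dependency warnings.
        identified = sum(1 for f in files if self.file_warnings(f))
        dependencies = sum(1 for d in deps if self.dependency_warnings(d))
        return {"identified": identified, "dependencies": dependencies,
                "total": identified + dependencies}

    def project_count(self, scans) -> int:
        # Projects-list counter: sum of every scan's total.
        return sum(self.scan_counts(files, deps)["total"] for files, deps in scans)

    def files_for_rule(self, rule: PolicyRule, files) -> List[str]:
        # The expandable per-rule file list on the scan page.
        return [f.path for f in files if rule in self.file_warnings(f)]


def ignore_component(files, component: str) -> int:
    """Two-click ignore: flag every file identified by `component`."""
    flagged = 0
    for f in files:
        if f.component == component and not f.not_distributed:
            f.not_distributed = True
            flagged += 1
    return flagged


def demo():
    policy = ProjectPolicy()
    permissive = policy.add_rule("Category", "permissive")
    policy.add_rule("License", "GNU GPL v3.0")
    files = [  # constructed sample scan
        ScanFile("src/a.c", license="MIT License"),
        ScanFile("src/b.c", component="libfoo", component_license="MIT License"),
        ScanFile("src/c.c", license="GNU GPL v3.0"),
        ScanFile("src/d.c", license="Apache License 2.0"),
        ScanFile("src/e.c"),
    ]
    deps = [Dependency("left-pad", "MIT License"),
            Dependency("gpl-lib", "GNU GPL v3.0"),
            Dependency("lgpl-lib", "GNU LGPL v2.1")]
    before = policy.scan_counts(files, deps)
    files[3].not_distributed = True       # ignore one particular file
    ignore_component(files, "libfoo")     # ignore every file identified by libfoo
    after = policy.scan_counts(files, deps)
    return before, after, policy.files_for_rule(permissive, files)


if __name__ == "__main__":
    print(demo())
```

Note that flagging a file as ‘not distributed’ removes it from every counter, not just from the rule that triggered the warning, and that the two-click component ignore flags all files identified by that component at once; both behaviours are modelled literally here so the effect on the totals is visible.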