Managing policy violations
After a policy has been created that should apply to a specific application, it needs to be assigned to that application. Afterwards, all policy violations are listed and can be managed.
Assigning a policy to an application
Initially, no policy is assigned to an application. In the policy violation section, you can choose a policy by selecting the button "Select Policy" or (if a policy is already assigned) "Switch Policy".
Managing policy violations
There are different types of policy violations:
- License missing: It was not possible to automatically determine the license of these components. They need to be assigned manually. This assignment will be used for all applications in Licensight.
- License missing in policy: If a component has a license which is not yet assigned in the policy, this status occurs. A user with the role "Policy Administrator" needs to assign the license.
- Approval needed: This status covers all components whose license is in the "approval needed" category of the assigned policy. These violations need to be approved by a user with the role "Approver" in the application.
- Policy violation: This status covers all components whose license is in the "prohibited" category of the assigned policy. These components need to be removed.
- Rejected: These violations were already rejected. The corresponding components must be removed from the application.
- Vulnerable component: This status occurs if a component has vulnerabilities whose severity is unacceptable under the assigned policy. Users can evaluate them and take the most appropriate of the actions suggested on the management page.
- Suppressed: These violations were suppressed by an application owner. These violations should be reviewed later.
To clarify a violation or to decide on it, use the manage button. After clicking it, a detailed description of the violation is presented. Depending on the type of violation, it is possible to comment on it or to process it.
Policy Violation Assignment
By default, each policy violation is assigned to the "Default Assignee" of the application. The application creator is the "Default Assignee", but this can be changed in the Application Team.
The application owner can assign a policy violation to a member by clicking the "Change assignee" button in the Assignee section. The assigned member is then responsible for the violation and can manage all of their violations on the "My policy violations" page (by clicking the warning icon at the bottom left of the page).