Creating policy rules for approved or barred items
You can create policy rules that enforce your company's policy of approved or barred items. For example, you can create a policy rule to:
- pre-approve a component version in your BOM: any component version that does not match your approval list triggers a policy violation.
- bar a component version from your BOM: a policy violation is automatically triggered for any component version that matches your list of barred components.
Pre-approved policy rule examples
Suppose you want to create a policy rule whereby externally distributed projects with permissive licenses are pre-approved: any component versions that have non-permissive licenses will trigger a policy violation.
To create this policy rule, follow the instructions for creating a policy rule, and set these conditions:
Suppose you want to create a policy rule whereby only a specific version of a component is approved: all other component versions trigger a policy violation.
To create this policy rule, follow the instructions for creating a policy rule, and set these conditions:
In this example, a policy violation is triggered when the Apache Tomcat version is not 8.0.1.
Suppose you want to create a policy rule whereby multiple versions of a component are approved: all other component versions trigger a policy violation.
To create this policy rule, follow the instructions for creating a policy rule, and set these conditions:
In this example, a policy violation is triggered when the Apache Tomcat version is not 8.0.1 or 8.0.3.
To create this condition:
- For the first condition: select the component, the equals operator, and the component.
- For the second condition: select the component, the 'not in' operator, and the approved versions. To select multiple versions, select the version and click Set selected component. Repeat selecting approved versions and clicking Set selected component until all approved versions are selected.
Barred policy rule example
Suppose you want to create a policy rule whereby any component versions in SaaS distributed projects in the development or planning phase with licenses in the AGPL license family trigger a policy violation.
To create this policy rule, follow the instructions for creating a policy rule, and set these conditions:
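The three rules described on this page (permissive-only licenses for externally distributed projects, an approval list of Apache Tomcat versions, and AGPL-family components barred from SaaS projects in planning or development) expressed as a small evaluator over a BOM. This is an added illustration of the allow-list versus block-list semantics, not the product's own rule engine; the license groupings, project attributes and sample BOM entries are constructed for the example.

```python
from dataclasses import dataclass

# Constructed license groupings; a real scanner maps SPDX ids to families itself.
PERMISSIVE = {"Apache-2.0", "MIT", "BSD-3-Clause"}
AGPL_FAMILY = {"AGPL-1.0", "AGPL-3.0"}
APPROVED_TOMCAT = {"8.0.1", "8.0.3"}  # the approval list from the page's example

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    licenses: tuple  # SPDX identifiers attached to this BOM entry

@dataclass(frozen=True)
class Project:
    distribution: str  # "EXTERNAL", "SAAS" or "INTERNAL" (assumed values)
    phase: str         # "PLANNING", "DEVELOPMENT" or "RELEASED" (assumed values)

def approve_permissive_external(project, comp):
    """Pre-approve: externally distributed projects may only ship permissive licenses."""
    if project.distribution == "EXTERNAL" and not set(comp.licenses) <= PERMISSIVE:
        return f"{comp.name} {comp.version}: non-permissive license in external project"
    return None

def approve_tomcat_versions(project, comp):
    """Pre-approve: only the listed Apache Tomcat versions are allowed ('not in' check)."""
    if comp.name == "Apache Tomcat" and comp.version not in APPROVED_TOMCAT:
        return f"{comp.name} {comp.version}: version not on approval list"
    return None

def bar_agpl_in_saas(project, comp):
    """Bar: AGPL-family components in SaaS projects still in planning or development."""
    if (project.distribution == "SAAS" and project.phase in {"PLANNING", "DEVELOPMENT"}
            and set(comp.licenses) & AGPL_FAMILY):
        return f"{comp.name} {comp.version}: AGPL-family license barred in SaaS project"
    return None

RULES = (approve_permissive_external, approve_tomcat_versions, bar_agpl_in_saas)

def evaluate(project, bom):
    """Return every violation message raised by any rule for any BOM component."""
    return [msg for comp in bom for rule in RULES if (msg := rule(project, comp))]

# Constructed sample BOM: not real scan output.
SAMPLE_BOM = (
    Component("Apache Tomcat", "8.0.1", ("Apache-2.0",)),
    Component("Apache Tomcat", "8.0.2", ("Apache-2.0",)),
    Component("ghostscript", "9.50", ("AGPL-3.0",)),
)
```

Running `evaluate(Project("SAAS", "DEVELOPMENT"), SAMPLE_BOM)` flags Tomcat 8.0.2 (not on the approval list) and ghostscript (AGPL in a SaaS project in development), while Tomcat 8.0.1 passes every rule.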