Managing policies

The Policy Management feature enables you to create rules to govern your use of open source components. With policy rules, open source usage can be managed on an exception basis – as long as open source components meet the policy requirements their usage is allowed. Any open source components/versions that fail to meet your policy rules are flagged, enabling you to review and determine if the use of the component should be allowed in the particular application.

About the policy process

To use the policy management feature:

  1. Create rules that enforce your policies; a user with the Policy Manager role can create and manage policy rules. When creating a policy rule, determine:
    • Whether to enable the rule. BOMs will not be evaluated until the rule is enabled.

    • Whether the rule can be manually overridden.

    • The conditions for this rule.

      Note: Rules can have multiple conditions; all conditions must be true for a component to be in violation of the rule.
  2. View the violations and determine what to do with components that are in violation of a rule.

    If you enabled the option, violations can be manually overridden.

  3. Optionally,
    • Create additional policies and/or edit, delete, or disable or enable your existing policies.

    • Select a category for your rule. Black Duck provides these categories for a policy rule: component, security, license, operational, and uncategorized (default).

      By using categories and filters, you can easily find policies (on the Policy Management page) or policy violations (on the BOM page) by category.

    • View the Project Version report. This report includes policy violation information:

      • The components_date_time.csv, bom_component_custom_fields_date_time.csv, and source_date_time.csv files list the policy status and override information.

      • The version_date_time.csv file indicates whether this version of the project has a policy violation.

To assist you, Black Duck provides five default policy rules that you can view, modify, enable, or delete. These policy rules are disabled by default.
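The following Python model, added here as an illustration and not Black Duck's own code, shows the evaluation semantics described in the steps above: a rule is only evaluated once it is enabled, a component violates a rule only when every one of the rule's conditions is true, overrides are accepted only for rules configured to allow them, and an override can later be removed. The component fields (name, license, high_vulns), the rule names and the sample BOM are constructed for the example and are not Black Duck identifiers.

```python
"""Model of rule-based policy evaluation over a BOM.

Added illustration of the policy process described on this page; this is
not Black Duck's implementation. Field names and sample data are constructed.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# A condition is a predicate over one BOM component (a plain dict here).
Condition = Callable[[dict], bool]


@dataclass
class PolicyRule:
    name: str
    conditions: List[Condition]   # ALL conditions must hold for a violation
    category: str = "uncategorized"  # component, security, license, operational, uncategorized
    enabled: bool = True          # disabled rules are never evaluated
    allow_override: bool = True   # whether reviewers may manually override violations

    def violated_by(self, component: dict) -> bool:
        if not self.enabled:
            return False
        return all(cond(component) for cond in self.conditions)


@dataclass
class Violation:
    rule: PolicyRule
    component: str
    override_reason: Optional[str] = None  # set when a reviewer overrides

    @property
    def overridden(self) -> bool:
        return self.override_reason is not None


def evaluate_bom(rules: List[PolicyRule], bom: List[dict]) -> List[Violation]:
    """Return one Violation per (component, rule) pair that is in violation."""
    return [Violation(rule, comp["name"])
            for comp in bom for rule in rules if rule.violated_by(comp)]


def override_violation(violation: Violation, reason: str) -> None:
    """Manually override a violation; refused if the rule forbids overrides."""
    if not violation.rule.allow_override:
        raise PermissionError(f"rule {violation.rule.name!r} does not allow manual overrides")
    violation.override_reason = reason


def remove_override(violation: Violation) -> None:
    """Undo an override that should not have been granted."""
    violation.override_reason = None


def version_has_violation(violations: List[Violation]) -> bool:
    """True while any violation in the project version is not overridden."""
    return any(not v.overridden for v in violations)


def component_fully_overridden(name: str, violations: List[Violation]) -> bool:
    """True when the component has violations and every one is overridden."""
    own = [v for v in violations if v.component == name]
    return bool(own) and all(v.overridden for v in own)


# Constructed sample BOM (hypothetical components, not real packages).
SAMPLE_BOM = [
    {"name": "libfoo", "version": "1.2.0", "license": "GPL-3.0", "high_vulns": 0},
    {"name": "libbar", "version": "0.9.1", "license": "GPL-3.0", "high_vulns": 2},
    {"name": "libbaz", "version": "3.4.5", "license": "MIT", "high_vulns": 2},
]


def sample_rules() -> List[PolicyRule]:
    return [
        # Two conditions: a GPL component with no high vulns is NOT in violation.
        PolicyRule("GPL with high-severity vulnerabilities",
                   [lambda c: c["license"].startswith("GPL"),
                    lambda c: c["high_vulns"] > 0],
                   category="security"),
        # Disabled rule: never produces violations until enabled.
        PolicyRule("No MIT (disabled)", [lambda c: c["license"] == "MIT"],
                   category="license", enabled=False),
        # Override not allowed: reviewers cannot manually clear these.
        PolicyRule("Critical component", [lambda c: c["high_vulns"] >= 2],
                   category="operational", allow_override=False),
    ]


if __name__ == "__main__":
    found = evaluate_bom(sample_rules(), SAMPLE_BOM)
    for v in found:
        print(f"{v.component}: violates {v.rule.name!r} [{v.rule.category}]")
    print("version has violation:", version_has_violation(found))
```

Running the block lists three violations (libbar twice, libbaz once); libfoo is clean because only one of the two conditions of the first rule holds for it.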

Viewing policy rules

The Policy Management page lists all your policy rules and indicates whether the rule allows manual overrides. View this page by clicking and selecting Policies:

[Figure: Policy Management page]
  • The page is filtered to display enabled rules. Modify or clear the filter to view disabled rules.

  • All rules can be overridden unless noted.

  • Click > to view the conditions of this rule and who created and last updated it.

From this page, you can view, create, edit, or delete policy rules.

Viewing policy rule violations

When a component is in violation of a policy rule, the Policy Violation icon appears in the UI on the following pages:

  • Source page. Icon appears next to the file name to indicate that a file in a component is in violation.

  • BOM page. Icon appears next to components in violation.

    In the Tree View of the BOM, the Policy violation - child icon next to the parent component indicates that a child has a policy violation.

  • Custom dashboards. Icon appears next to the project name to indicate that this project has a version which has a policy violation.

  • Project Version page. Icon appears next to the version to indicate that it has a policy violation.

Hover over the icon to view more information:

  • On the project level, information such as the following appears:

    [Figure: Policy violations popup]

    This information also appears at the component/file level for users who are members of projects or have project-group privileges.

  • On the component/file level, the following information appears for users with the BOM Manager, Global Project Administrator, Global Project Manager, Project Manager, and Policy Violation Reviewer roles:

    [Figure: Policy violations popup]

    Clicking the icon (when viewing the BOM using the List view) displays the Policy Violations dialog box from which you can override the policy violation.

Overriding violations

If a rule was configured to allow manual overrides of violations, then you can override a disapproved component or file in that project.

When all component violations have been overridden, the Policy Violation Override icon appears in the UI. In the Tree View, the Policy violation override - child icon indicates that a child's policy violation has been overridden; it appears at the parent level. Click the icon to view more information.

[Figure: Policy Violation Override popup]

Removing policy overrides

If a violation of a policy should not have been overridden, you can remove the override.