Customize Policies
Customize policies to simplify your daily operations!
In daily operations, you may need to monitor new vulnerabilities, search for affected packages, conduct license checks, and set up compliance checks for various regulations. These processes can be simplified using our customizable policies.
What is a "Policy"?
In DeepAsset, a 'Policy' is a set of rules evaluated against selected software assets. It is composed of the following key parts.
- Name: name of the policy.
- Rules:
- Triggers:
- Actions: When the policy is violated, what action (e.g., FAIL, INFO, PASS.) you will take.
- Target. This defines the subjects to which this policy will be applied.
A policy can contain a name, a condition, and a violation result. Assume your organization is building a web CMS system for commercial use, then a few licenses should be considered high risk to use like GNU Lesser General Public License v2.1 or later. These licenses require you to release any code you make under the same copyleft license terms to be able to distribute and modify the code.
When a "Policy" is Examined?
How to use
Create a policy
You can use the "add new policy" button on the Policies - Policy Rule page.
A new policy requires
- Name - A helpful name to indicate what's the policy for
- Cypher query - A neo4j's query language that describes the violations or conditions you'd like to check.
- Result condition - Determine if the above Cypher query with non-empty results should trigger the policy.
- Violation - If the policy matches the conditions which level of violation do you want it to be. Different violation means different level you should pay attention to.
Example: I want all my resources not to contain MIT license.
The Cypher query should be: MATCH (n:Package) WHERE "MIT" in n.licenses RETURN n LIMIT 20
.
Choose which resource to enforce on
By default, a newly created policy will not apply to any resource. You need to specify what resources this policy applies to.
Policy evaluation result
A policy will be evaluated when
- When policy is changed, we'll execute the policy once you modify the policy content.
- When your resource got a new scan result.
License
You can check all the licenses and license groups we support to detect. Each license contains a license detail page for a better description.
Updated 3 days ago