SOOS lets you create policies (rules) about which packages and licenses may, or may not, be included in your code. Once a policy is created, a policy violation warning is generated whenever a scan detects a package that violates it. Use the SOOS policy engine to manage open source risk by restricting the packages and licenses your team pulls in.

  • From your SOOS dashboard, select Governance from the left navigation.
  • Select Create a Policy.
  • In the Add a Policy modal, select the Policy Type you would like to create. 
    Add Policy modal
  • For example, to create a policy that generates violations when packages under particular licenses are detected, use the License Name policy type.
    • Select the license identifiers you want to prevent from being included in your project.
      • Each license name provides an external link to allow you to read the full text of the corresponding license.
        Example License Name policy definition
  • Provide a name for the policy, and choose what should happen when the policy is violated.
    • You can choose Fail on missing data (for example, a package with no license information) or Fail scan if the policy is violated.
    • You can also choose not to fail the scan, which is the default; the violation is still reported as a warning.
      Policy name and behavior inputs
  • Finally, you will assign the policy to one or more projects, or set it as a global policy across all projects.
    Assigning policies to one or more projects
  • Saving a policy will add it to your Governance list.  From there, you can always edit or delete the policy.
    Example showing list of all policies under governance page
  • Once a policy is created, SOOS will start to alert you of any policy violations found during subsequent project scans. 

Sample of policy violation alert in SOOS UI
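To make the three behaviours above concrete, the following Python is an added illustrative model of a License Name policy; it is not SOOS's own code or API, and the package names, versions, policy name and the rule that any denied identifier inside a license expression (for example "Apache-2.0 OR AGPL-3.0-only") counts as a violation are assumptions made for this example.

```python
"""Illustrative model of a License Name policy.

Added example, not SOOS's own code or API: it models the policy behaviours
described above (do not fail, fail on violation, fail on missing data)
over a constructed package list so the semantics can be checked locally.
All package, version and policy names below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class LicensePolicy:
    name: str
    denied_licenses: Set[str]           # SPDX identifiers the policy rejects
    fail_on_violation: bool = False     # "Fail scan if the policy is violated"
    fail_on_missing_data: bool = False  # "Fail on missing data"


@dataclass
class Package:
    name: str
    version: str
    license: Optional[str]  # None when the scanner found no license metadata


@dataclass
class PolicyResult:
    violations: List[Package] = field(default_factory=list)
    missing_data: List[Package] = field(default_factory=list)
    scan_failed: bool = False


def _identifiers(expression: str) -> Set[str]:
    """Split a license expression such as 'MIT OR GPL-3.0-only' into
    upper-cased identifiers. Assumption: a denied identifier anywhere in
    the expression counts as a violation (the conservative reading)."""
    tokens = expression.replace("(", " ").replace(")", " ").split()
    return {t.upper() for t in tokens if t.upper() not in {"OR", "AND", "WITH"}}


def evaluate(policy: LicensePolicy, packages: List[Package]) -> PolicyResult:
    """Apply one policy to the packages found by a scan."""
    denied = {d.upper() for d in policy.denied_licenses}
    result = PolicyResult()
    for pkg in packages:
        if pkg.license is None or not pkg.license.strip():
            result.missing_data.append(pkg)  # nothing to check against
        elif _identifiers(pkg.license) & denied:
            result.violations.append(pkg)
    # Violations are always reported; whether they fail the scan depends on
    # the behaviour selected when the policy was created.
    result.scan_failed = (
        (policy.fail_on_violation and bool(result.violations))
        or (policy.fail_on_missing_data and bool(result.missing_data))
    )
    return result


def format_alerts(policy: LicensePolicy, result: PolicyResult) -> List[str]:
    """Render the findings the way a scan report would list them."""
    lines = [f"[{policy.name}] violation: {p.name}@{p.version} ({p.license})"
             for p in result.violations]
    lines += [f"[{policy.name}] missing license data: {p.name}@{p.version}"
              for p in result.missing_data]
    lines.append(f"[{policy.name}] scan failed: {result.scan_failed}")
    return lines


# Constructed sample scan output (not real project data).
SAMPLE_PACKAGES = [
    Package("left-pad", "1.3.0", "MIT"),
    Package("copyleft-lib", "2.0.0", "GPL-3.0-only"),
    Package("dual-lib", "4.1.0", "Apache-2.0 OR AGPL-3.0-only"),
    Package("mystery-lib", "0.1.0", None),
]

# Constructed policy: deny strong copyleft, default behaviour (do not fail).
NO_COPYLEFT = LicensePolicy(
    name="no-strong-copyleft",
    denied_licenses={"GPL-3.0-only", "AGPL-3.0-only"},
)

if __name__ == "__main__":
    for flags in ({}, {"fail_on_violation": True}, {"fail_on_missing_data": True}):
        policy = LicensePolicy(NO_COPYLEFT.name, NO_COPYLEFT.denied_licenses, **flags)
        print("\n".join(format_alerts(policy, evaluate(policy, SAMPLE_PACKAGES))))
        print()
```

Running the script prints the same two findings three times; only the final "scan failed" line changes, which is the point: the behaviour setting decides whether a violation or a package with no license data breaks the scan, not whether it is reported.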