SOOS allows you to create policies or rules around the packages and licenses you want (or don't want) included in your code. Once a policy is created, a policy violation warning will be generated any time a scan detects a package that violates the policy. Manage your open source risk by creating restrictions on the packages and licenses your team is pulling in through the SOOS policy engine.
- From your SOOS dashboard, select Governance from the left navigation.
- Select Create a Policy.
- In the Add a Policy modal, select the Policy Type you would like to create.
- For example, to create a policy that generates violations when packages with particular licenses are detected, use the License Name policy type.
- Select the license identifiers you want to prevent from being included in your project.
- Each license name provides an external link to allow you to read the full text of the corresponding license.
- Provide a name for the policy, and indicate the desired behavior for when the policy is violated.
- You have the option to Fail on missing data (such as a missing license) or Fail scan if the policy is violated.
- You can also opt not to fail, which is the default selection.
- Finally, you will assign the policy to one or more projects, or set it as a global policy across all projects.
- Saving a policy will add it to your Governance list. From there, you can always edit or delete the policy.
- Once a policy is created, SOOS will alert you to any policy violations found during subsequent project scans.
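To make the policy semantics above concrete, here is an added example (not SOOS's own code or data format) that models a License Name policy with the three failure behaviours the page describes and project-scoped versus global assignment, then evaluates a constructed scan result against it. Field names, the `on_violation` values and the sample packages are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of a License Name policy; field names are assumptions,
# not SOOS's own data format.

@dataclass
class Package:
    name: str
    version: str
    license: Optional[str]   # None when the scan could not determine a license

@dataclass
class LicensePolicy:
    name: str
    denied_licenses: set             # license identifiers to keep out of the project
    on_violation: str = "none"       # "none" (default), "fail", "fail_on_missing_data"
    projects: Optional[set] = None   # None = global policy across all projects

def applies_to(policy: LicensePolicy, project: str) -> bool:
    return policy.projects is None or project in policy.projects

def evaluate(policies, project, packages):
    """Return (violations, fail) for one scan of one project.

    violations: list of (policy name, package name, reason) tuples.
    fail: True when any applicable policy asks the scan to fail.
    Assumption: "fail_on_missing_data" fails on real violations and also
    treats a package with no detectable license as a violation.
    """
    violations = []
    fail = False
    for policy in policies:
        if not applies_to(policy, project):
            continue
        for pkg in packages:
            if pkg.license is None:
                if policy.on_violation == "fail_on_missing_data":
                    violations.append((policy.name, pkg.name, "missing license"))
                    fail = True
                continue
            if pkg.license in policy.denied_licenses:
                violations.append((policy.name, pkg.name, pkg.license))
                fail = fail or policy.on_violation != "none"
    return violations, fail

# Constructed sample scan: three packages, one with no license metadata.
SCAN = [Package("left-pad", "1.3.0", "MIT"),
        Package("copyleft-lib", "2.0.0", "GPL-3.0-only"),
        Package("mystery", "0.1.0", None)]
NO_COPYLEFT = LicensePolicy("No strong copyleft", {"GPL-3.0-only", "AGPL-3.0-only"}, "fail")
STRICT = LicensePolicy("Known licenses only", {"MIT"}, "fail_on_missing_data", {"internal-tool"})
```

Running `evaluate([NO_COPYLEFT, STRICT], "web-app", SCAN)` reports only the copyleft violation and fails the scan, because the stricter policy is assigned to a different project; a policy left at the default "none" still reports violations without failing the scan.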