What are they?
SOOS users can create a variety of Governance Policies to exclude packages based on certain criteria, such as a package's license name or license attributes. When an SCA scan identifies packages that violate any of your existing Governance Policies, SOOS creates a Violation issue for each violated policy, listing the set of packages that are in violation of that policy.
How does that affect my code?
Violations identified by SOOS are specific to the dev team that defined the corresponding policies. For legal purposes, each company has its own set of restrictions imposed on its product(s). The Governance Policies you set in the SOOS app let you prevent your product(s) from being deployed to the market if they contain packages that are out of compliance with your self-imposed restrictions.
What can I do about it?
Since SOOS identifies the packages that violate your pre-set Governance Policies, you can push that information into your ticketing system so the dev team can replace the packages that are out of compliance. Governance Policies can also be modified to loosen or tighten the restrictions, which will change the list of identified Violations after the next scan is performed.
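To make the scan-to-violation flow concrete, the following is an added Python model, not SOOS's own code or policy schema: the package names, license attributes and policy fields are constructed. It evaluates scanned packages against license-name and license-attribute exclusions, groups the offending packages per violated policy (a package can appear under several policies), and renders each group as the kind of record you would push into a ticketing system.

```python
from dataclasses import dataclass

# Constructed sample data; not SOOS's actual policy schema or scan output.
@dataclass(frozen=True)
class Package:
    name: str
    version: str
    license: str          # SPDX-style license identifier
    attributes: frozenset  # license attributes, e.g. {"copyleft", "network-copyleft"}

@dataclass(frozen=True)
class Policy:
    name: str
    excluded_licenses: frozenset = frozenset()    # exclude by license name
    excluded_attributes: frozenset = frozenset()  # exclude by license attribute

    def violated_by(self, pkg: Package) -> bool:
        return (pkg.license in self.excluded_licenses
                or bool(pkg.attributes & self.excluded_attributes))

def evaluate(packages, policies) -> dict:
    """Return {policy name: sorted ['name@version', ...]} for every violated policy."""
    violations = {}
    for policy in policies:
        hits = sorted(f"{p.name}@{p.version}" for p in packages if policy.violated_by(p))
        if hits:  # policies with no offending package produce no Violation
            violations[policy.name] = hits
    return violations

def to_tickets(violations: dict) -> list:
    """One ticket record per violated policy (hypothetical ticketing payload)."""
    return [{"title": f"Governance Policy violation: {policy}",
             "body": "\n".join(f"- {pkg}" for pkg in pkgs)}
            for policy, pkgs in violations.items()]

# Constructed scan result and policies (fictional package names).
SAMPLE_PACKAGES = (
    Package("fmt-utils", "2.1.0", "MIT", frozenset({"permissive"})),
    Package("tree-walker", "0.9.4", "GPL-3.0-only", frozenset({"copyleft", "strong-copyleft"})),
    Package("doc-render", "10.0.1", "AGPL-3.0-only",
            frozenset({"copyleft", "strong-copyleft", "network-copyleft"})),
    Package("db-embed", "7.0.2", "SSPL-1.0", frozenset({"copyleft", "network-copyleft"})),
)
SAMPLE_POLICIES = (
    Policy("No AGPL", excluded_licenses=frozenset({"AGPL-3.0-only", "AGPL-3.0-or-later"})),
    Policy("No network copyleft", excluded_attributes=frozenset({"network-copyleft"})),
    Policy("No strong copyleft", excluded_attributes=frozenset({"strong-copyleft"})),
)

if __name__ == "__main__":
    for ticket in to_tickets(evaluate(SAMPLE_PACKAGES, SAMPLE_POLICIES)):
        print(ticket["title"], ticket["body"], sep="\n")
```

Removing a policy from `SAMPLE_POLICIES` (loosening) or adding one (tightening) and re-running `evaluate` shows how the Violation list changes on the next scan.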