Policy Violation Log

The policy violation log is located at ./log/policy-violation.log. Each line is an independent JSON document representing one policy violation event.

The policy violation log is enabled through the Logging Configuration.

Event Type

Attribute: eventType

Why a policy violation event was generated:

  • create

    The particular policy violation is newly discovered and was not present during the previous policy evaluation for the stage denoted by stageTypeId of the respective application or repository.

    Note that a newly discovered policy violation can be subject to a policy waiver at the time of its discovery and hence does not necessarily denote an active/unresolved policy violation.

  • fix

    The policy violation completely disappeared from the evaluated stage of the application/repository.

    Note that merely suppressing a violation with a policy waiver does not generate this event for the violation. For a violation to be logged as fixed, either the offending component must be removed, its associated metadata (labels, licenses, vulnerabilities, etc.) must be updated, or the violated policy itself must be changed.

    Also be aware that at the time this event occurs, there might still be similar policy violations, i.e. violations for the same component and reason, present in stages other than the one given by stageTypeId.

  • waive

    The policy violation was waived due to a policy waiver. If the policy violation is waived at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the waive event.

  • unwaive

    The policy violation was unwaived due to the policy waiver being removed.

  • grandfather

    The policy violation was grandfathered. If the policy violation is grandfathered at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the grandfather event.

  • ungrandfather

    The grandfathered violation was made active.

  • clear

    Logged when an organization or an application is deleted or when a repository is deleted/disabled, indicating that all policy violations associated with it or its descendants have been cleared.

Event Timestamp

When the policy violation event occurred. The format is an ISO 8601 date and time.

  • Attribute: eventTimestamp

  • Example: 2019-01-22T12:43:10.965Z

Policy ID

The internal ID for the policy associated with the policy violation.

  • Attribute: policyId

  • Example: 39e7a4491ecc43569a63699c312477df

Policy Name

The name of the policy associated with the policy violation.

  • Attribute: policyName

  • Example: Security-High

Policy Threat Category

The threat category of the policy that the policy violation refers to. One of the following:

security, license, quality, other

  • Attribute: policyThreatCategory

Policy Threat Level

The assigned threat level of the policy that the policy violation refers to, between 0 and 10 inclusive.

  • Attribute: policyThreatLevel

Policy Condition Triggers

An array detailing which properties of the component violated the policy.

The reasons for the policy violation are expressed in natural language and subject to rewording in future versions.

  • Attribute: policyConditionTriggers

  • Example:

    [
     {"reason": "Found security vulnerability CVE-2012-5783 with severity 5.8."}, 
     {"reason": "Found security vulnerability CVE-2012-5783 with status 'Open', not 'Acknowledged'."}
    ]

Stage Type ID

The stage that the policy violation occurred on, i.e. one of the following:

proxy, develop, build, stage-release, release, operate, compliance

  • Attribute: stageTypeId

Stage Policy Action

Only present on create events where the policy violation is not immediately grandfathered or waived. The policy action that was taken at the stage where the policy violation occurred. Values are one of the following:

none, warn, fail

  • Attribute: stagePolicyAction

Organization ID

The ID of the organization that is the parent of the application that caused the policy violation event.

  • Attribute: organizationId

  • Example: 3f1a705d53f445b29e8afaddc0bbd66d

Organization Name

The name of the organization that is the parent of the application where the policy violation occurred.

  • Attribute: organizationName

Application ID

The internal identifier of the application that caused the policy violation event.

  • Attribute: applicationId

  • Example: 5f9c97a0d88746efbd82555d85c61fa0

Application Public ID

The user-created identifier of the application.

  • Attribute: applicationPublicId

  • Example: my_application

Application Name

The user-created name of the application.

  • Attribute: applicationName

  • Example: My Application

Repository ID

The internal identifier of the repository where the violation occurred. Only applicable to Repository Firewall.

  • Attribute: repositoryId

  • Example: 04866bc7979f44339548e3990ef6aef0

Repository Public ID

The public name of the repository where the violation occurred. Only applicable to Repository Firewall.

  • Attribute: repositoryPublicId

  • Example: maven-central

Component Identifier

The coordinates of the component that caused the policy violation.

  • Attribute: componentIdentifier

  • Example:

    {
      "format":"maven", 
      "coordinates":{ 
        "artifactId":"commons-httpclient", 
        "classifier":"", 
        "extension":"jar", 
        "groupId":"apache-httpclient", 
        "version":"3.1"
      } 
    }

    See Package URL and Component Identifiers for the complete list of format-specific identifiers.

Component Hash

The truncated SHA-1 hash of the component that caused the policy violation.

  • Attribute: componentHash

  • Example: 87cd491f9b46e4e2aeac
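The event types above describe a small state machine: a violation is introduced by create, suppressed by waive or grandfather, reactivated by unwaive or ungrandfather, and removed by fix or clear, all scoped to one stageTypeId. The following Python script is an added example, not code shipped with the product or taken from this page, that replays a policy-violation.log in this way to answer the question a security team usually has: which violations are still active right now, and in which category? The log lines it consumes are constructed sample data built from the example values on this page; the license policy id, its component hash and the second application's id are made up. It also assumes that a clear record carries the applicationId, repositoryId or organizationId of the deleted scope, which the page does not spell out.

```python
"""Replay a Nexus IQ policy-violation.log and derive the still-active violations."""
import json
from collections import Counter
from typing import Dict, Tuple

# Default field values reuse the examples given on the documentation page;
# the log lines assembled from them below are constructed sample data.
_BASE = {
    "policyId": "39e7a4491ecc43569a63699c312477df",
    "policyName": "Security-High",
    "policyThreatCategory": "security",
    "policyThreatLevel": 9,
    "policyConditionTriggers": [
        {"reason": "Found security vulnerability CVE-2012-5783 with severity 5.8."}
    ],
    "organizationId": "3f1a705d53f445b29e8afaddc0bbd66d",
    "organizationName": "My Organization",
    "applicationId": "5f9c97a0d88746efbd82555d85c61fa0",
    "applicationPublicId": "my_application",
    "applicationName": "My Application",
    "componentIdentifier": {
        "format": "maven",
        "coordinates": {"artifactId": "commons-httpclient", "classifier": "",
                        "extension": "jar", "groupId": "apache-httpclient",
                        "version": "3.1"},
    },
    "componentHash": "87cd491f9b46e4e2aeac",
}

def _rec(event_type, timestamp, stage=None, **overrides):
    """Build one log record (one JSON object per line) from the defaults above."""
    rec = dict(_BASE, eventType=event_type, eventTimestamp=timestamp)
    if stage is not None:
        rec["stageTypeId"] = stage
    rec.update(overrides)
    return rec

# A second, constructed policy/component pair (ids are placeholders, not real).
_LICENSE = dict(policyId="d1f0c2a0b1c24a6f9e9e1d2c3b4a5f60", policyName="License-Copyleft",
                policyThreatCategory="license", policyThreatLevel=7,
                componentHash="0123456789abcdef0123",
                policyConditionTriggers=[{"reason": "Found license 'GPL-3.0'."}])
_OTHER_APP = dict(applicationId="00000000000000000000000000000002",
                  applicationPublicId="other_app", applicationName="Other App")

SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    _rec("create", "2019-01-22T12:43:10.965Z", "build", stagePolicyAction="fail"),
    _rec("create", "2019-01-22T12:43:10.965Z", "stage-release", stagePolicyAction="fail"),
    # Waived at first discovery: the page says this yields a create and a waive record.
    _rec("create", "2019-01-22T12:43:11.002Z", "build", **_LICENSE),
    _rec("waive", "2019-01-22T12:43:11.002Z", "build", **_LICENSE),
    _rec("create", "2019-01-23T08:00:00.000Z", "build", stagePolicyAction="warn", **_OTHER_APP),
    _rec("fix", "2019-01-24T09:15:00.000Z", "build"),        # fixed in build only
    _rec("unwaive", "2019-01-25T10:00:00.000Z", "build", **_LICENSE),
    # Assumed shape of a clear record for a deleted application.
    {"eventType": "clear", "eventTimestamp": "2019-01-26T11:00:00.000Z",
     "organizationId": _BASE["organizationId"], **_OTHER_APP},
]) + "\n"

Key = Tuple[str, str, str, str]  # (scope id, stageTypeId, policyId, componentHash)

def _scope(rec):
    """Violations belong to an application (Lifecycle) or a repository (Firewall)."""
    return rec.get("applicationId") or rec.get("repositoryId") or ""

def _in_cleared_scope(old, clear):
    """Assumption: a clear record names the deleted app, repository or organization."""
    for field in ("applicationId", "repositoryId", "organizationId"):
        if clear.get(field):
            return old.get(field) == clear[field]
    return False

def replay(log_text: str) -> Dict[Key, dict]:
    """Apply events in file order; return violations still present, keyed per stage,
    each with status 'open', 'waived' or 'grandfathered' and the last record seen."""
    state: Dict[Key, dict] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ev = rec["eventType"]
        if ev == "clear":
            for k in [k for k, v in state.items() if _in_cleared_scope(v["record"], rec)]:
                del state[k]
            continue
        key = (_scope(rec), rec["stageTypeId"], rec["policyId"], rec["componentHash"])
        if ev == "fix":
            state.pop(key, None)
        elif ev in ("create", "unwaive", "ungrandfather"):
            state[key] = {"status": "open", "record": rec}
        elif ev == "waive":
            state[key] = {"status": "waived", "record": rec}
        elif ev == "grandfather":
            state[key] = {"status": "grandfathered", "record": rec}
        else:
            raise ValueError(f"unknown eventType {ev!r}")
    return state

def open_violations(state):
    """Active violations as (public id, stageTypeId, policyName, policyThreatLevel)."""
    rows = []
    for (_scope_id, stage, _pid, _hash), v in state.items():
        if v["status"] == "open":
            r = v["record"]
            rows.append((r.get("applicationPublicId") or r.get("repositoryPublicId"),
                         stage, r["policyName"], r["policyThreatLevel"]))
    return sorted(rows)

def count_by_category(state):
    """Number of open violations per policyThreatCategory."""
    return Counter(v["record"]["policyThreatCategory"]
                   for v in state.values() if v["status"] == "open")

if __name__ == "__main__":
    final = replay(SAMPLE_LOG)
    for row in open_violations(final):
        print(row)
    print(dict(count_by_category(final)))
```

Replaying the sample shows the two subtleties the page calls out: the fix record for commons-httpclient in the build stage leaves the same violation open in stage-release, and the license violation that was waived on discovery becomes open again only after the unwaive record. For a real file, read ./log/policy-violation.log and pass its text to replay().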