Skip to main content

Reference Policy V4 Information

What's changed?

The component-unknown policy has a new condition Data Source added.

The condition is recommended for the following ecosystems:

  • Alpine (APK)

  • Bower

  • C/C++ (Conan)

  • Conda

  • Debian (APT)

  • Drupal

  • PHP (Composer)

  • R (CRAN)

  • Rust (Cargo)

  • Swift/Objective-C (Cocoapods)

Do I have to Download the V4 Reference Policy Set?

For existing installs, you do not need to download. You can manually add the new condition yourself.

Why not download?

Downloading the reference-policies-v4.json will replace existing policies. This may not be desired.

How to add without downloading the V4 Reference Policy Set

To manually add the new condition to the Component-Unknown policy do the following.

  1. Log into IQ Server using an account that has permission to "View IQ Elements" for the specific organization or application. At a minimum, the account should be assigned the role of Owner or Developer for that organization or application.

  2. Click the Organization & Policies button


    on the IQ Server toolbar.

  3. Select the Root Organization in the sidebar

  4. Click the Policies button in the menubar near the top of the page to scroll to the Policies section.

  5. In the Policies section under Local, click the policy Component-Unknown.

  6. Click the Constraints button in the menubar near the top of the page to scroll to the Constraints section.

  7. To edit the Unknown 3rd party component constraint, click the edit icon for the constraint Unknown 3rd party component constraint

  8. Scroll to the Conditions section, click the Add Condition button to add the new condition.

  9. Pick the Data source condition.

  10. For the condition Data source, select has support for. Also, select Identity.

  11. Click Update to save the changes to the Component-Unknown policy.