Transitive Violation Waivers for InnerSource
Waiving violations for components that are both transitive and Innersource can be a challenge. The Transitive Violations Page lets you view all the transitive violations brought in by an Innersource component and quickly view, manage, and apply waivers.
Accessing and Viewing the transitive violations page
To see the transitive violations page for Innsersource components, open an Application Composition Report and find a component with the teal green Innersource tag. Click on the component to open the Component Details Page, then go to the Policy Violations tab. At the top right, click the View Transitive Violations button.
Once accessed, the transitive violations page will appear similar to this:
The page title shows the name of the InnerSource component and the subtitle shows the Innersource component hierarchy. You'll also see the teal green Innersource tag.
The page table shows each transitive violation's policy threat level, policy name/actions, and the name of the transitive component.
If no transitive violations are found, then the table will be empty.
Request Waiver
The Request Waiver button is for users who do not have permission to waive the transitive violations. Click it to open a popover with information on how to waive the transitive violations, which you can then pass along to someone who has permission.
Waive Transitive Violations
The Waive Transitive Violations button is for users who have permission to waive the transitive violations. Click it to open a popover allowing you to specify the details that will be applied to each waiver for each transitive violation.
Clicking the "Save" button will create a waiver for all transitive violations with the given details.
Waivers are not applied until the next application analysis. You will see violations in the table until the next full scan is completed.
View Existing Waivers
The View Existing Waivers button allows you to view any waivers that are already applied to any transitive components.
It opens a popover with a table showing each waiver's policy name, constraint name, creation date, scope, component name, and any comments.
Select the trash bin icon on the right to delete a waiver.