Automatic Quarantine Release

NEW IN RELEASE 114

FIREWALL

Requirements

The Firewall page requires a valid Firewall license.

Summary

The Firewall page is used to view and manage components across all repositories with quarantine enabled.  The component risk is determined when the component is first requested in those repositories.

Repository components can be automatically released from quarantine for certain policy condition types.  Auto release monitors new component information for recently quarantined components.  If new component information clears all policy violations that caused the quarantine (fail action), the component is automatically released from quarantine.

New Policy Definition

When the Firewall license is installed, an Integrity-Rating policy is automatically created.  This operation will only occur once, even if the license is installed again.  The Integrity-Rating policy is configured to guard against malicious components.

If an Integrity-Rating policy already exists before the Firewall license is installed, then the policy name will be suffixed with a number, such as Integrity-Rating-1.

Auto Release Quarantine Configuration

The purpose of auto release from quarantine is to continually monitor recently quarantined repository components and automatically release them back into the development lifecycle as soon as possible.  Configuration is found on the Quarantine and Auto Release from Quarantine dashboard.

Policy Condition Types Supporting Auto Release

Policy violations are triggered by specific conditions defined in the policy.  The condition types correlate to component information.

The policy condition types which can be enabled for monitoring with auto release from quarantine are:

  • Integrity Rating (Enabled by default)
  • License
  • License Threat Group
  • Security Vulnerability Severity
  • Security Vulnerability Category

By default, the Integrity Rating policy condition type is enabled for auto release.

Auto Releasing Components

Auto release of a quarantined component occurs when the component data changes within a reasonable time frame and the change clears all policy violations that caused the quarantine (fail action).  Once there are no longer any violations keeping the component in quarantine, the component is automatically released from quarantine without user intervention.  This allows the component to be consumed from the underlying repository.

The short time frame of the data change is a prerequisite for a component to be automatically released.  If a component remains in quarantine for an extended period, then the value of releasing that component drops dramatically, since a different component is probably in place, or the component isn’t required.

The component information most likely to change within a reasonable time frame is license and security information.  Further research can result in the component data being updated, whereby the policy violations that initially caused the quarantine would be cleared.

Repository components are routinely checked for new component information on a nightly basis.  Auto release from quarantine looks at components that have been quarantined in the past 2 weeks.
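
The auto release decision described in this section can be modelled as a small function. This is an added illustration, not the product's own code: the class and function names, the "warn" action value and the sample components are constructed, and it assumes that a fail violation whose condition type is not enabled for auto release keeps the component in quarantine.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

WINDOW = timedelta(weeks=2)  # page: quarantined "in the past 2 weeks"
SUPPORTED = {"Integrity Rating", "License", "License Threat Group",
             "Security Vulnerability Severity", "Security Vulnerability Category"}
DEFAULT_ENABLED = frozenset({"Integrity Rating"})  # page default

@dataclass
class Violation:
    condition_type: str
    action: str            # only "fail" violations cause quarantine
    still_violated: bool   # re-evaluated against the newest component data

@dataclass
class Quarantined:
    name: str
    quarantine_date: date
    violations: list = field(default_factory=list)

def should_auto_release(comp, today, enabled=DEFAULT_ENABLED):
    """Decide one nightly check; returns (release, reason)."""
    if not set(enabled) <= SUPPORTED:
        raise ValueError("condition type does not support auto release")
    if today - comp.quarantine_date > WINDOW:
        return False, "quarantined more than 2 weeks ago"
    for v in (v for v in comp.violations if v.action == "fail"):
        # Assumption: a type not enabled is not monitored, so it keeps blocking.
        if v.condition_type not in enabled:
            return False, f"{v.condition_type} not enabled for auto release"
        if v.still_violated:
            return False, f"{v.condition_type} violation still present"
    return True, "all quarantining violations cleared"

def nightly_run(components, today, enabled=DEFAULT_ENABLED):
    """Names of components the nightly check would release."""
    return [c.name for c in components if should_auto_release(c, today, enabled)[0]]

# Constructed sample data (component names are placeholders).
TODAY = date(2024, 5, 20)
SAMPLE = [
    Quarantined("pkg-a", date(2024, 5, 15), [Violation("Integrity Rating", "fail", False)]),
    Quarantined("pkg-b", date(2024, 5, 15), [Violation("Integrity Rating", "fail", False),
                                             Violation("License", "fail", False)]),
    Quarantined("pkg-c", date(2024, 4, 1), [Violation("Integrity Rating", "fail", False)]),
    Quarantined("pkg-d", date(2024, 5, 18), [Violation("Integrity Rating", "fail", True),
                                             Violation("License", "warn", True)]),
]
```

With the default configuration only pkg-a is released; enabling License as well also releases pkg-b, while pkg-c stays quarantined because it falls outside the two-week window and pkg-d because its Integrity Rating violation is still present.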

Quarantine

The quarantine page displays a summary and details for all repository components which are currently in quarantine.  By default, the results are sorted by the most recently quarantined component.


Quarantine Header

The top of the Quarantine page displays the number of components being monitored in quarantine-enabled repositories.  When there are no repositories with quarantine enabled, Firewall is not enabled.

Quarantine Dashboard

The quarantine dashboard displays information pertinent to quarantined components and shows the repository configurations.  The dashboard includes:

  • Quarantine Status - Repositories with quarantine enabled
  • Auto Release from Quarantine Status -  Summary and configuration of policy condition types enabled for auto release from quarantine.
  • Quarantine - Components quarantined
  • Auto Released from Quarantine - Components auto released from quarantine in the current month

Quarantined Component Results

The quarantine results contain repository components currently in quarantine across all repositories.  The results are navigated using page controls to load different results.  The results consist of:

  • Threat - Threat level of the highest policy violation
  • Policy - Policy name of the highest policy violation
  • Quarantine Date - Date the component was quarantined
  • Component - Component quarantined in a repository
  • Repository - Repository the component belongs to

Clicking on a row of the table will display the Component Information Panel for that component.

Auto Release from Quarantine

The Auto Release Quarantine page displays a summary and details for all repository components which have been auto released from quarantine.  It is accessed from the Quarantine page dashboard.  The results do not include components that have been manually released from quarantine.  By default, the results are sorted by the most recently released component.


Auto Release Quarantine Dashboard

The auto release quarantine dashboard displays information pertinent to auto released components and shows the repository configurations.  The dashboard includes:

  • Auto Released (Month to Date) - Components auto released from quarantine in the current month
  • Auto Released (Year to Date) - Components auto released from quarantine in the current year
  • Auto Release from Quarantine Status - Summary and configuration of policy condition types enabled for auto release from quarantine.

Auto Released Component Results

The auto release quarantine results contain repository components across all repositories which were auto released from quarantine.  The results are navigated using page controls to load different results.  The results consist of:

  • Component - Component quarantined in a repository
  • Quarantine Date - Date the component was quarantined
  • Repository - Repository the component belongs to
  • Date Cleared - Date the component was automatically released from quarantine

Clicking on a row of the table will display the Component Information Panel for that component. Clicking on the Refresh button on the top of the table will refresh the results and will respect any filtering or sorting already applied to the results.