Policy Violation Log

The policy violation log is located at ./log/policy-violation.log. Each line is an independent unformatted JSON message representing a policy violation.

The policy violation log can be customized in your IQ Server configuration.

Note

For each policy violation log entry, each optional attribute is either present with its name and value or absent entirely, i.e. neither its name nor a value appears.

Policy Violation Event Attributes

Attribute name

Description

Example

eventType

Why a policy violation event was generated:

  • create

    The particular policy violation is newly discovered and was not present during the previous policy evaluation for the stage denoted by stageTypeId of the respective application or repository.

    Note that a newly discovered policy violation can be subject to a policy waiver at the time of its discovery and hence does not necessarily denote an active/unresolved policy violation.

  • fix

    The policy violation completely disappeared from the evaluated stage of the application/repository.

    Note that merely suppressing a violation with a policy waiver does not generate this event for the violation. For a violation to be logged as fixed, either the offending component must be removed, its associated metadata (labels, licenses, vulnerabilities, etc.) must be updated, or the violated policy itself must be changed.

    Also be aware that at the time this event occurs, there might still be similar policy violations, i.e. violations for the same component and reason, present in stages other than the one given by stageTypeId.

  • waive

    The policy violation was waived due to a policy waiver. If the policy violation is waived at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the waive event.

  • unwaive

    The policy violation was unwaived due to the policy waiver being removed.

  • grandfather

    The policy violation was grandfathered. If the policy violation is grandfathered at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the grandfather event.

  • ungrandfather

    The policy violation was ungrandfathered.

  • clear

    Logged when an organization or an application is deleted or when a repository is deleted/disabled, indicating that all policy violations associated with it or its descendants have been cleared.

create

eventTimestamp

When the policy violation event occurred, formatted as an ISO 8601 date and time

2019-01-22T12:43:10.965Z

policyId

The id for the policy that the policy violation refers to

39e7a4491ecc43569a63699c312477df

policyName

The name of the policy that the policy violation refers to

Security-High

policyThreatCategory

The threat category of the policy that the policy violation refers to, one of security, license, quality, or other

security

policyThreatLevel

The threat level of the policy that the policy violation refers to, between 1 and 10 inclusive

9

policyConditionTriggers

An array list detailing which properties of the component violated the policy.

The reasons for the policy violation are expressed in natural language and subject to rewording in future versions.

[{"reason":"Found security vulnerability CVE-2012-5783 with severity 5.8."}, {"reason":"Found security vulnerability CVE-2012-5783 with status 'Open', not 'Acknowledged'."} ]

stageTypeId

The stage that the policy violation occurred on, i.e. one of develop, build, stage-release, release, operate, or proxy

build

stagePolicyAction

(Optional - only if the policy violation is created (eventType is create) and it is not immediately grandfathered or waived) The policy action that was taken at the stage that the policy violation occurred on i.e. one of none, warn, or fail

fail

organizationId

(Optional - excluded if for a repository) The id of the organization that is the parent of the application that caused the policy violation event

3f1a705d53f445b29e8afaddc0bbd66d

organizationName

(Optional - excluded if for a repository) The name of the organization that is the parent of the application that caused the policy violation event

organization_name

applicationId

(Optional - excluded if for a repository) The internal id of the application that caused the policy violation event

5f9c97a0d88746efbd82555d85c61fa0

applicationPublicId

(Optional - excluded if for a repository) The public id of the application that caused the policy violation event

application_public_id

applicationName

(Optional - excluded if for a repository) The name of the application that caused the policy violation event

application_name

repositoryId

(Optional - excluded if for an application) The internal id of the repository that caused the policy violation event

04866bc7979f44339548e3990ef6aef0

repositoryPublicId

(Optional - excluded if for an application) The public id of the repository that caused the policy violation event

repository_public_id

componentIdentifier

(Optional) The coordinates of the component that originally caused the policy violation

{"format":"maven", "coordinates":{ "artifactId":"commons-httpclient", "classifier":"", "extension":"jar", "groupId":"apache-httpclient", "version":"3.1"} }

componentHash

The hash of the component that originally caused the policy violation

87cd491f9b46e4e2aeac
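
An added example (not from the original documentation or the product's code): replaying the log in order to reconstruct which violations are still present and which of those are unresolved, while tolerating absent optional attributes and incomplete lines. The violation key, the attributes carried by a clear event, and the helper names are assumptions; the sample events are constructed from the example values in the table above.

```python
import json

# Constructed sample events; attribute names and example values come from the table above.
BASE = {"stageTypeId": "build", "policyId": "39e7a4491ecc43569a63699c312477df",
        "organizationId": "3f1a705d53f445b29e8afaddc0bbd66d",
        "applicationId": "5f9c97a0d88746efbd82555d85c61fa0",
        "componentHash": "87cd491f9b46e4e2aeac"}

def line_for(event_type, **overrides):
    return json.dumps({**BASE, "eventType": event_type, **overrides})

SAMPLE = [
    line_for("create", stagePolicyAction="fail"),
    line_for("create", componentHash="constructed-hash-2"),  # waived at discovery:
    line_for("waive", componentHash="constructed-hash-2"),   # two records, no action
    line_for("create", stageTypeId="release", stagePolicyAction="warn"),
    line_for("fix", stageTypeId="release"),
    '{"eventType":"create","policyId":"39e7',                # constructed truncated line
]
TOGGLES = {"waive": {"waived": True}, "unwaive": {"waived": False},
           "grandfather": {"grandfathered": True}, "ungrandfather": {"grandfathered": False}}

def violation_key(ev):  # assumption: owner + stage + policy + hash identify one violation
    owner = ev.get("applicationId") or ev.get("repositoryId")
    return (owner, ev.get("stageTypeId"), ev.get("policyId"), ev.get("componentHash"))

def replay(lines):
    """Apply events in log order; return the violations still present, by key."""
    state = {}
    for line in lines:
        try:
            ev = json.loads(line)
            kind = ev["eventType"]
        except (ValueError, TypeError, KeyError):
            continue  # skip lines that are not a complete JSON event object
        key = violation_key(ev)
        if kind == "clear":  # assumption: the event names the deleted owner by its id
            attr = next((a for a in ("applicationId", "repositoryId", "organizationId") if a in ev), None)
            if attr:
                state = {k: r for k, r in state.items() if r["event"].get(attr) != ev[attr]}
        elif kind == "create":
            state[key] = {"event": ev, "waived": False, "grandfathered": False}
        elif kind == "fix":
            state.pop(key, None)
        elif kind in TOGGLES and key in state:
            state[key].update(TOGGLES[kind])
    return state

def unresolved(state):  # present and neither waived nor grandfathered
    return [r for r in state.values() if not r["waived"] and not r["grandfathered"]]
```

To run it against a real log, pass the open file object for ./log/policy-violation.log to replay(). A clear event for an organization only removes violations whose own organizationId matches, because the attributes listed above do not describe the organization hierarchy.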