Policy Violation Log


IQ Server Policy Violation Log was introduced in the Nexus IQ Server 60 release.


Policy Violation Log Reference

By default, the policy violation log is located at ./log/policy-violation.log. Each line is an independent unformatted JSON message representing a policy violation. The policy violation log can be customized in your IQ Server configuration.

For each policy violation log entry, each optional attribute will either be present with its name and value, or will not be present at all i.e. no name or value.

Policy Violation Event Attributes

Attribute nameDescriptionExample

eventType

Why a policy violation event was generated:

  • create
    The particular policy violation is newly discovered and was not present during the previous policy evaluation for the stage denoted by stageTypeId of the respective application or repository.
    Note that a newly discovered policy violation can be subject to a policy waiver at the time of its discovery and hence does not necessarily denote an active/unresolved policy violation.
  • fix
    The policy violation completely disappeared from the evaluated stage of the application/repository.
    Note that merely suppressing a violation with a policy waiver does not generate this event for the violation. For a violation to be logged as fixed, it requires either the offending component to be removed, its associated metadata (labels, licenses, vulnerabilities, etc.) getting updated or the violated policy itself to be changed.
    Also be aware that at the time this event occurs, there might still be similar policy violations, i.e. violations for the same component and reason, present in stages other than the one given by stageTypeId.
  • waive
    The policy violation was waived due to a policy waiver. If the policy violation is waived at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the waive event.
  • unwaive
    The policy violation was unwaived due to the policy waiver being removed.
  • grandfather
    The policy violation was grandfathered. If the policy violation is grandfathered at the same time it appeared for the first time, then there will be two records logged, one for the create event and one for the grandfather event.
  • ungrandfather
    The policy violation was ungrandfathered.
  • clear
    Logged when an organization or an application is deleted or when a repository is deleted/disabled, indicating that all policy violations associated with it or its descendants have been cleared.

create

eventTimestamp

When the policy violation event occurred formatted as an ISO 8601 date and time2019-01-22T12:43:10.965Z

policyIdThe id for the policy that the policy violation refers to39e7a4491ecc43569a63699c312477df
policyNameThe name of the policy that the policy violation refers to
Security-High
policyThreatCategoryThe threat category of the policy that the policy violation refers to being one of security, license, quality, or othersecurity
policyThreatLevelThe threat level of the policy that the policy violation refers to between 1 and 10 inclusive9
policyConditionTriggersThe list detailing which properties of the component violated the policy. Note that the reasons for the policy violation are expressed in natural language and hence are generally subject to rewording/refinement in future versions.[{"reason":"Found security vulnerability CVE-2012-5783 with severity 5.8."},{"reason":"Found security vulnerability CVE-2012-5783 with status 'Open', not 'Acknowledged'."}]

stageTypeIdThe stage that the policy violation occurred on i.e. one of develop, build, stage-release, release, operate, or proxybuild
stagePolicyAction(Optional - only if the policy violation is created (eventType is create) and it is not immediately grandfathered or waived) The policy action that was taken at the stage that the policy violation occurred on i.e. one of none, warn, or failfail

organizationId(Optional - excluded if for a repository) The id of the organization that is the parent of the application that caused the policy violation event3f1a705d53f445b29e8afaddc0bbd66d
organizationName(Optional - excluded if for a repository) The name of the organization that is the parent of the application that caused the policy violation eventorganization_name

applicationId(Optional - excluded if for a repository) The internal id of the application that caused the policy violation event5f9c97a0d88746efbd82555d85c61fa0
applicationPublicId(Optional - excluded if for a repository) The public id of the application that caused the policy violation eventapplication_public_id
applicationName(Optional - excluded if for a repository) The name of the application that caused the policy violation eventapplication_name

repositoryId(Optional - excluded if for an application) The internal id of the repository that caused the policy violation event04866bc7979f44339548e3990ef6aef0
repositoryPublicId(Optional - excluded if for an application) The public id of the repository that caused the policy violation eventrepository_public_id

componentIdentifier(Optional) The coordinates of the component that originally caused the policy violation

{"format":"maven","coordinates":{"artifactId":"commons-httpclient","classifier":"","extension":"jar","groupId":"apache-httpclient","version":"3.1"}}

componentHashThe hash of the component that originally caused the policy violation87cd491f9b46e4e2aeac