Continuous Monitoring of Apps

At times, you may want to be notified when applications that are no longer in development (or no longer built on a regular basis) have components that violate a policy. For example, you’d like to learn of any security vulnerabilities or licensing issues that may arise after applications are deployed. Continuous Monitoring lets you use existing policies with notifications to watch (once a day) for new violations at a specific development stage (such as Release).

Use Continuous Monitoring judiciously. If too many messages are sent for minor violations, it could result in notification fatigue for your development team. You may want to limit the monitoring to policies that detect high risk violations, like security vulnerabilities or license concerns.

Setting up Continuous Monitoring is a two-step process. First, you turn on Continuous Monitoring at the organization or application level, and specify which stage of the development lifecycle to monitor. Second, you turn on Continuous Monitoring at the policy level by creating a notification and selecting Continuous Monitoring in a policy. Each of these steps is described in more detail below.

Step 1: The Application or Organization Level

Continuous Monitoring, by default, is turned off for the Root Organization. Because all organizations and applications inherit policy settings from the Root Organization, it is turned off for those entities as well. You can turn on Continuous Monitoring for individual applications, or an organization (the parent) and all of its associated applications (the children). You also specify which stage of the development lifecycle to monitor.

To turn on Continuous Monitoring for an application or organization:

  1. Click the Organization & Policies icon on the IQ Server toolbar.
  2. In the sidebar, select the organization or application whose policies you want to monitor.
  3. In the Policies section, under Continuous Monitoring, click the chevron next to either Do Not Monitor or Inherit from [parent] (Do not monitor).
  4. In the Continuous Monitoring view, click the desired stage.
  5. Click Update to turn on Continuous Monitoring.

Step 2: The Policy Level

When you turn on Continuous Monitoring at the policy level, you identify who should receive an email message whenever an evaluation finds a violation of the current policy at the development stage specified in Step 1.

To turn on Continuous Monitoring in a policy:

  1. In the Organization & Policy area, create a new policy or open an existing one for an organization or application.
  2. In the Policy editor, click the Notifications button to scroll to the Notifications section.
  3. Make sure the Notifications Recipient list contains the desired email address to use for policy violation notifications. If necessary, add a new recipient.
  4. For the desired email address, click Continuous Monitoring to select it.
  5. Click Update to save the policy.

If you perform Step 1, but omit Step 2, no notifications of policy violations will be sent when a Continuous Monitoring evaluation is run. You must perform Step 1 and Step 2 for Continuous Monitoring to work properly.

Turning off Continuous Monitoring

To turn off Continuous Monitoring:

  1. Click the Organization & Policies icon on the IQ Server toolbar.
  2. In the sidebar, select the desired organization or application.
  3. In the Policies section, under Continuous Monitoring, click the chevron next to the stage that’s being monitored.
  4. In the Continuous Monitoring view, click whichever of the following options is displayed:
    1. For the Root Organization, click Do not monitor.
    2. For other organizations and applications, click Inherit from [parent] (Do not monitor).
  5. Click Update to save your change.

If an organization or application’s parent has monitoring enabled, there is no way to disable its monitoring and the option will read Inherit from [parent] (Monitored Stage). Monitoring must be disabled throughout an organization or application’s hierarchy in order to disable it.

Setting the Notification Time

Once Continuous Monitoring is turned on, you may want to consider the time of day that notifications are sent. By default, they are sent at 0000 hours or 12:00 a.m. (per IQ Server time). You can change the notification time setting in IQ Server’s config.yml file as follows:

# Hour of the day (0-23) to schedule Policy Monitoring execution. The
# default is midnight.
policyMonitoringHour: 0