Policy Reevaluation

You will likely find a number of consistent themes through this documentation. One of these is that regular policy review and refinement should be part of your company’s approach to policy management.

Accomplishing this successfully could potentially mean regularly rebuilding applications or publishing them to repositories several times over. Not to mention that in the case of waiting for builds, you might wait hours before an evaluation is able to run.

While there are a variety of reasons this can happen (e.g. build times are slow), the important thing is that access to the new results could be delayed. If you’ve made a change to policy you won’t be able to tell if that made a difference. Then it’s highly likely, you’ll need to make another change, and then wait again. Luckily there is an alternative which allows you to reevaluate the results of an evaluation.

Using the existing component information from the most recent evaluation against the current policies - which you might have changed since the last build and analysis - you can update an Application Composition Report.

To do this, you can use policy reevaluation to see how your changes affect the current policy. The policy reevaluation button is located in the top right of the Application Composition Report (to the left of the Options drop-down). Simply click this button and any policy changes you’ve made will be considered against the data of the current report.

Of course, it’s possible other data in the application could have changed, and that might not be realized until the next build. However, this will give you a good idea of how immediate policy changes impact any violations you currently have.

Policy Reevaluation will not enact any actions you may have attached to your policies.