Summary
We’re excited to announce a long-awaited update to our waivers experience within Nexus Lifecycle. To bridge the gap between the current Application Scan Report and the new Violation Details page, users will now have access to a new Add Waivers page. This new page provides the ability to apply a waiver against a policy violation from two different workflows, either directly from the Application Scan Report itself or more easily from the Dashboard and Policy Violations details page.
The Add Waivers page is available in IQ version 98.
What is changing?
Simplified Scope Experience
Along with the new page, we have made a few adjustments to simplify the scoping process of adding a waiver. We removed the duplicative options and on the new page and broke it into two sections: Scope (app, org, or root org) and Components (this specific one or all components) to make it easier to understand.
Policy Violation Details Information
If you are accessing the waivers functionality from the Policy Violations Details page, we also included the ability to review information about a specific security vulnerability that triggered the policy violation. It’s important to note that this capability will only appear for security-related policies and is unavailable for other forms of policies such as licenses.
What other improvements are coming?
Time-based Waivers
With this new Add Waiver page in place, we plan on adding functionality over the coming month. This includes the ability to provide a time-component to a waiver, which automatically deprecates a waiver after a given period of time.
Waiver-list View
We are also planning for another new page that will improve upon the existing ability to view applied waivers against a policy violation. This new page, just like the Add Waiver page, will be accessible from both the report and Policy Violation Details page. It will be an easy way for users to view and digest all their existing waivers and their time status against a given policy violation.
Learn more by watching this video.
Where can I ask additional questions?
You can reply directly to this post. If you are not already registered to the Sonatype User Community, you will be prompted to create an account. This will empower you to create and reply to other threads initiated by both the Sonatype team and your community peers. Notifications can be easily configured to ensure you are aware of updates for a specific thread and/or important announcements within the Community.