Quarantine after Policy import

Hi,

I want to ask if all quarantined Components stay in Quarantine when we import a new Policy.
As I understand, only the Waivers are lost, is this correct?

We're planning to switch to application-based control, which components are in a project and set waivers on this level, but at the moment we're using a global Waiver on Repository level (over proxy settings) and also to import the new fine-grained policy you have in your Documentation.
We fear that the global components that are already waived and released from quarantine are then back again in quarantine, which would be a mess for npm projects.

Greets, Marcus

Hey Marcus,

Thanks for your question. You are right in assuming that policy import would remove existing waivers and you may have to re-create some when needed. However, the way Nexus Firewall works - components once released would not be quarantined again (whether waived or not). This behavior is based on the fact that once a component is released, it’s being used in multiple applications in multiple places, and suddenly blocking it one day would cause much developer friction. The right way to remove these components would be to catch them downstream for relevant applications using Nexus Lifecycle. So policy import would not re-quarantine these waived components. Hope this helps.