Time-Based Waivers now available in Nexus Lifecycle

Last month, we announced the addition of a completely new Add Waivers page to Nexus Lifecycle as part of IQ release 98. Today, we’re happy to announce we’ve added more functionality to our waivers initiative with the addition of time-based waivers functionality in IQ release 100.

While waivers have a ton of benefits - help you accept risk for a period of time when there are no possible or acceptable upgrades or act as a means to provide a time limit for upgrading and reviewing dependencies - their lack of easy management can be a challenge. This is where time-based waivers come in. We are taking away the time-consuming work from applying a wavier and then manually monitoring and removing it. Now, we automate a whole portion of the process, allowing you to set your acceptable time-period with a click of a button and then allow that wavier to self-deprecate once that time period is up.

You will now be able to add a waiver with an expiry time by making calls to the Sonatype Waiver REST API and including the new expiryTime option. When you apply an expiryTime it should be set to some future data for the waiver. The waiver will be created for the component when the next scan occurs. Once the expiryTime has been reached the time-based waiver will automatically expire and at the next scan time the waived policy violation will return.

Example API Call

Screen Shot 2020-10-07 at 8.12.53 AM

Where can I ask additional questions?

You can reply directly to this post. If you are not already registered to the Sonatype User Community, you will be prompted to create an account. This will empower you to create and reply to other threads initiated by both the Sonatype team and your community peers. Notifications can be easily configured to ensure you are aware of updates for a specific thread and/or important announcements within the Community.