Using Policy Violation Grandfathering to ease into automatic enforcement

In IQ Server release 50 we introduced a new feature: Policy Violation Grandfathering. Grandfathering is used to acknowledge the violations found in existing applications, leading to using automated enforcement without massive disruption to the development teams (e.g. fail the release build on critical violations).

There are several resources with more information

• Blog: Policy Grandfathering: Automating Open Source Governance at Your Own Pace
• Guide: IQ Server Grandfathering
• Functional docs: Policy Violation Grandfathering

Use this topic to talk about how you’re using Grandfathering and any feedback on making it even better.

In IQ Server release 50 we introduced grandfathering when onboarding applications. This sets a baseline when a newly created application is first evaluated.

We’re actively developing a grandfathering feature for the applications that are already in IQ Server and have existing scans and violations. Watch for it in release notes or in this topic.

In IQ Server release 51 we expanded on the Grandfathering feature with the ability to grandfather policy violations for existing applications.