Waiver Experience Enhancements Part 2

Overview
IQ release 98 rolled out a new Add Waiver page and the ability to add time-based waivers via our APIs in Nexus Lifecycle. In IQ release 101, we have updated the experience further with two additional features to help you better manage and monitor existing waivers. The first is additional functionality for adding time-based waivers, so you can now manage them directly from within the Add Waiver page without using the API. The second is another new page - the Manage Waivers for Violations page - that allows you to view all existing waivers against a given policy.

Time-Based Waivers on the Add Waiver Page

Within the Lifecycle experience, users can now designate an expiryTime for a given waiver within the new Add Waiver page itself. Between the Component and Comments sections is a new dropdown that lets you choose from a series of pre-selected options ranging from 7 days to 120 days. It is important to note that while a given waiver will expire at the end of its allotted time, the policy violation will not return until the next scan event.

Manage Waivers for Violation Page - How does it work?

This is another new page accessible within Lifecycle (separate from the Add Waiver page) that allows you to view any applicable waivers that may exist for a given policy violation, regardless of scope. We refer to these as applicable waivers because they may include:

  • Active waivers - those currently active against a given policy violation
  • Stale waivers - those that have not been triggered by a scan, but may still exist
  • Expired waivers - those whose expiryTime has passed

This new view is important because it gives you an additional way to assess how many waivers may exist at a given time for a given policy violation. It also offers a means to add or remove waivers in the system, and to see which waivers have been created, what their scope is, and how many are active, stale, or expired.

You can access this page from the Violation Details page, where you can now select “Manage Waivers” to go directly to the new waiver view. This is also where you can add a new waiver.

In the future, we want to provide a more robust approach to editing and updating a waiver from this new page too. Additionally, we would like to improve the request waiver workflow within the new page and enable navigation to it from the CIP within an Application Scan Report.

Where can I ask additional questions?

You can reply directly to this post. If you are not already registered with the Sonatype User Community, you will be prompted to create an account. This will allow you to create threads and reply to threads started by both the Sonatype team and your community peers. Notifications can be easily configured to ensure you are aware of updates for a specific thread and/or important announcements within the Community.