Threatrix Documentation

Policy Overview

A handy guide to the Threatrix policy management system

What Are Policies?

Threatrix policies define the rules by which events occur within the Threatrix ecosystem. They enable your team to define, disseminate, and enforce the governing guidelines that reduce security, license, and supply chain risk in your organization.

Policy Composition

Policies are composed of three components:

  1. Policy metadata: title, category, and description data.

  2. Policy conditions: the conditions the policy matches against.

  3. Policy actions: the predetermined process that is executed when the policy is triggered.

Policy Application & Triggering

Policies are applied, and policy actions are executed, after the following events:

  • Scan completion: Policies are applied to the results of the scan. Triggered policy actions are taken immediately.

  • Knowledge base updates: Updates are propagated at specific intervals. During propagation, rules are applied to changes in the most recent scan for your projects, which may trigger policy actions.

Policies are executed in no specific order. All applicable actions are taken for all triggered policies.

During policy creation, actions are evaluated to determine similar conditions with conflicting actions, and a notice is generated. However, Threatrix will not prohibit the creation of conflicting policies and/or actions.
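
A minimal model of the semantics described above, as an added example that is not Threatrix code. The policy fields, condition keys, action names, the reading of "similar conditions" as one condition set containing the other, and the list of conflicting action pairs are all assumptions made for illustration. It shows that actions accumulate from every triggered policy regardless of order, and how a conflicting pair can be found before both fire on the same finding.

```python
from dataclasses import dataclass
from itertools import combinations

# Hypothetical model: names below are constructed, not the Threatrix schema.
@dataclass(frozen=True)
class Policy:
    title: str             # metadata
    category: str          # metadata
    conditions: frozenset  # (field, value) pairs that must all match a finding
    actions: frozenset     # action names run when the policy triggers

# Assumption: which action pairs count as conflicting.
CONFLICTING = {frozenset({"fail_build", "allow_release"})}

def triggered(policies, finding):
    """Policies whose conditions all match the finding (a dict)."""
    items = set(finding.items())
    return [p for p in policies if p.conditions <= items]

def actions_for(policies, finding):
    """Union of actions from every triggered policy; order-independent."""
    out = set()
    for p in triggered(policies, finding):
        out |= p.actions
    return out

def conflicts(policies):
    """Policy pairs with overlapping conditions and conflicting actions."""
    found = []
    for a, b in combinations(policies, 2):
        similar = a.conditions <= b.conditions or b.conditions <= a.conditions
        clash = any(frozenset({x, y}) in CONFLICTING
                    for x in a.actions for y in b.actions)
        if similar and clash:
            found.append((a.title, b.title))
    return found

# Constructed sample data.
POLICIES = [
    Policy("Block critical vulns", "security",
           frozenset({("severity", "critical")}), frozenset({"fail_build", "alert"})),
    Policy("Permit vendored libs", "security",
           frozenset({("severity", "critical"), ("origin", "vendored")}), frozenset({"allow_release"})),
    Policy("Flag GPL", "license",
           frozenset({("license", "GPL-3.0")}), frozenset({"alert"})),
]
FINDING = {"severity": "critical", "origin": "vendored", "license": "MIT"}
```

Running `conflicts(POLICIES)` as a review step before saving a new policy surfaces the same kind of overlap the creation-time notice warns about.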


Last updated 3 years ago