Policy Overview
A handy guide for Threatrix policy management system
What Are Policies?
Threatrix policies define the rules by which events occur within the Threatrix ecosystem. They enable your team to define, disseminate and enforce the governing guidelines that reduce your security, license, and supply chain risk in your organization.
Policy Composition
Policies are composed of 3 components:
Policy metadata: title, category, and description data.
Policy conditions: Conditions on which to match against the policy.
Policy actions: The resulting pre-determined process that will be executed as a result of a triggered policy.
Policy Application & Triggering
Polices are applied, and policy actions are executed after the following events:
Scan completion: Policies are applied to the results of the scan. Triggered policy actions are taken immediately.
Knowledge base updates: updates are propagated at specific intervals. During propagation, rules are applied to changes in the most recent scan for your projects which may trigger policy actions.
All policies are executed in no specific order. All applicable actions are taken for all triggered policies.
During policy creation, actions are evaluated to determine similar conditions with conflicting actions, and a notice is generated. However, Threatrix will not prohibit the creation of conflicting policies and/or actions.
Last updated