Code quality policies are used to enforce restrictions on project dependencies. Currently, code quality policies can:
- Use stale-package prevention to flag dependencies that have fallen behind their latest release.
- Whitelist packages for automatic approval.
- Blacklist packages for automatic flagging.
To create a new code quality policy, navigate to the quality tab of the policy configuration menu and click create policy.
From there, give the new policy a title and a description.
Outdated packages carry increased security risk, since fixes for known vulnerabilities ship in newer releases, and they prevent your team from using newer features. To enforce up-to-date packages, you can enable rules that flag packages by semantic version, by ordered versions, or both. Packages matching either rule are flagged as issues.
Whitelists and blacklists are used to manage packages where you know ahead of time whether or not they will be permitted. Whitelisted packages never raise issues, even when they violate other policies, so a whitelist entry is effectively an exemption from every other rule and should be scoped as narrowly as possible. In contrast, blacklisted packages are always flagged as an issue.
Both lists allow you to configure a custom version range to which the list entry applies; a whitelist entry with a narrow range (for example, only the release you have reviewed) limits how much of the other policies it bypasses. In terms of package specification, whitelists require the full package name, whereas blacklists permit regular expressions. Because a regular expression can match more names than intended (a pattern written for one package can also match packages that merely contain its name), anchor blacklist patterns and check what they match before enabling them.
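The following is an added example, not the product's own code or schema, showing how the three rule kinds above combine: a whitelist entry (exact name plus version range) that suppresses every other rule, a blacklist entry (regular expression plus version range) that always flags, and a stale-package rule evaluated by semantic version and by ordered versions. The package names, release histories, range syntax and rule thresholds are all hypothetical and constructed for the example; the real product's matching semantics (for instance whether a blacklist regex is anchored) are not stated on this page, so the evaluator anchors patterns with `fullmatch` as the conservative choice.

```python
"""Toy dependency-policy evaluator (hypothetical model, not the product's schema)."""
import re
from dataclasses import dataclass, field
from typing import Optional


def parse_version(v: str) -> tuple:
    """'4.17.21' -> (4, 17, 21); missing components are treated as 0."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


_CMP = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}


def in_range(version: str, spec: str) -> bool:
    """spec is '*' or comma-separated comparators such as '>=4.17.0,<5' (hypothetical syntax)."""
    if spec.strip() == "*":
        return True
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        if not _CMP[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True


@dataclass
class StaleRule:
    max_major_behind: Optional[int] = None     # semantic-version rule
    max_versions_behind: Optional[int] = None  # ordered-versions rule


@dataclass
class Policy:
    whitelist: dict = field(default_factory=dict)  # exact package name -> version range
    blacklist: dict = field(default_factory=dict)  # regex pattern -> version range
    stale: StaleRule = field(default_factory=StaleRule)


def stale_reasons(version: str, released: list, rule: StaleRule) -> list:
    """released: every published version of the package (any order)."""
    cur = parse_version(version)
    newer = sorted((r for r in released if parse_version(r) > cur), key=parse_version)
    reasons = []
    if rule.max_major_behind is not None and newer:
        behind = parse_version(newer[-1])[0] - cur[0]
        if behind > rule.max_major_behind:
            reasons.append(f"{behind} major versions behind")
    if rule.max_versions_behind is not None and len(newer) > rule.max_versions_behind:
        reasons.append(f"{len(newer)} releases behind")
    return reasons


def evaluate(name: str, version: str, released: list, policy: Policy) -> list:
    """Return the issues for one dependency; an empty list means it passes."""
    # Whitelist: exact name plus range, and it overrides every other rule below.
    if name in policy.whitelist and in_range(version, policy.whitelist[name]):
        return []
    # Blacklist: regex plus range. fullmatch anchors the pattern so that
    # 'old-xml-.*' cannot also hit 'my-old-xml-parser'.
    for pattern, rng in policy.blacklist.items():
        if re.fullmatch(pattern, name) and in_range(version, rng):
            return [f"{name}@{version} is blacklisted by /{pattern}/ ({rng})"]
    return [f"{name}@{version}: {r}" for r in stale_reasons(version, released, policy.stale)]


def audit(deps: dict, released: dict, policy: Policy) -> dict:
    """deps: {name: version}. Returns only the flagged entries and their issues."""
    flagged = {}
    for name, version in deps.items():
        issues = evaluate(name, version, released.get(name, []), policy)
        if issues:
            flagged[f"{name}@{version}"] = issues
    return flagged


# Constructed sample data: hypothetical packages and release histories.
POLICY = Policy(
    whitelist={"acme-logger": ">=2.0.0,<3"},
    blacklist={r"old-xml-.*": "*", r"acme-crypto": "<1.4.0"},
    stale=StaleRule(max_major_behind=1, max_versions_behind=3),
)
RELEASED = {
    "acme-logger": ["1.0.0", "2.0.0", "2.1.0", "2.2.0", "2.3.0", "3.0.0"],
    "old-xml-parser": ["0.9.0"],
    "acme-crypto": ["1.2.0", "1.3.0", "1.4.0"],
    "acme-http": ["1.0.0", "2.0.0", "3.0.0", "4.0.0"],
}
DEPS = {"acme-logger": "2.0.0", "old-xml-parser": "0.9.0",
        "acme-crypto": "1.3.0", "acme-http": "1.0.0"}

if __name__ == "__main__":
    for dep, issues in audit(DEPS, RELEASED, POLICY).items():
        print(dep, "->", "; ".join(issues))
```

Note how `acme-logger@2.0.0` is four releases behind and would trip the ordered-versions rule, yet passes because its whitelist entry covers the 2.x range; narrowing that range to `==2.0.0` is what limits the exemption to the release that was actually reviewed.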