Customizing Policies
Overview
A policy in FOSSA is a collection of rules that enables control over which issues are created in your project for licenses and dependencies (projects). You can think of policies like license firewalls for your project.
Rules
A rule is a restriction built around licenses and/or projects. You may deny, flag, or approve any license or dependency that can be used with your project.
DENY:
When you deny a dependency or license from being included in your project this will tell the issue scanners to create an issue that requires the license or dependency to be removed somehow. Example:
FLAG:
When you flag a dependency or license if it is included with your project this will tell the issue scanners to create an issue that requires manual approval. Example:
APPROVE:
When you allow a dependency or license to be included with your project this tells the issue scanners to never create issues for the chosen dependency or license. Example:
Pre-installed Policies
FOSSA comes equipped with 3 standard, editable policies that we've drafted with top industry lawyers. Many of our customers rely on them out of the box:
1) Standard Bundle Distribution: Recommended for software deployed on on-premises. E.G. Apache Hadoop.
2) Single-Binary Distribution: Recommended for embedded software. E.G. A mobile app.
3) Website/Hosted Service: Recommended for websites. E.G. fossa.io.
Customizing Policies
You can create or manage your own Policies through the policies page.
To create a policy, click the CREATE POLICY button in the policies section.
Fill out a title and description. You can optionally choose a template to start this policy with.
To add a rule, click the Add Rule button over Deny, Flag for Review, or Approve panels.
Choose whether the rule will apply to a license or project (dependency) and fill out which you would like to apply the rule to.
Switching projects over to a new policy
Important note about
.fossa.yml
filesCurrently, once a project been created, changing the
policy:
field in a .fossa.yml file for the project will not change the policy, the reasons for which are addressed in the FAQ.
To update the policy, access the project settings for the project you would like to update.
Then, select the Issues tab within the settings navigation bar.
Then, scroll down and select the appropriate policy(/ies) for your project.
Updated 5 months ago