Organization policy configuration
The Organization policy configuration page lets users with appropriate user roles adjust analysis configuration settings used to refine scanning results and suppress global results. These settings can be configured at the organization level or the group level. The group-level configuration is available on the Policies page.
All policies you can edit are listed in the Organization policy configuration table containing the following fields:
- Category - indicates the categories the policies belong to
- ID - indicates the policy ID
- Description - indicates the issue covered by a specific policy
- Enabled - indicates whether the policy is enabled. When enabled, it influences the final CI/CD status and the overall deployment risk of analyzed files. When disabled, the policy is not applied during analysis
- CI/CD Status - indicates the CI status the policy reports (pass or fail). When set to Fail, a policy can influence the build process by reporting the CI fail status on policy violations. Based on the CI status in the report, you can configure your CI/CD pipeline to stop the build process and prevent a code merge or a software release. When set to Pass, a policy does not report the CI fail status even when policy violations exist
- Actions - a menu from which you can edit policies. In the policy configuration dialog, you can enable or disable a policy, make a policy stop the build process depending on its CI/CD status, and record why the policy configuration was changed to maintain an audit trail. For previously modified policies, this menu also contains the option to revert the changes
Using the search bar above the Organization policy configuration table, you can search for policies by name or ID without going through all the results in the table. The search bar includes a dropdown that lists all policies so they are readily available.
You can filter the data in the table to:
- Show edited only - shows only those policies that have been edited
- Show customized levels only - applies only when SAFE Levels are enabled, and shows policies that were edited to be less strict than the level currently enabled for your organization.
These filters can be removed by clicking Clear All Filters next to the filter toggle switches.
Edit organization-level policy configuration
If you have the appropriate role, you can configure policies for your organization by selecting Policy Configuration in the sidebar.
From there, you can edit each policy in the Organization policy configuration table to suit your organization's needs, and configure SAFE Levels for the whole organization.
When SAFE Levels are enabled for the organization, they cannot be disabled for specific groups. However, you can still override the configuration for individual policies on the group level.
SAFE Levels configuration
Instead of manually tweaking each policy, you can use SAFE Levels, each of which has pre-configured settings for policies.
By default, SAFE Levels are enabled and set to level 5 on the Portal. You can change this by either disabling them completely (Don't use levels) or choosing one of the five levels.
By default, all groups inherit the SAFE Levels configuration from the organization. When levels are enabled for the organization, they cannot be disabled for specific groups, but you can change the level for each individual group on the Policies page.
Switching between SAFE Levels or disabling them affects the software package analysis results on both the File Stream and Projects pages. After you change or disable the SAFE Levels settings, you need to reanalyze your packages for the changes to take effect and for your analysis reports to be up to date.
If SAFE Levels are enabled and you modify a policy to make its settings less strict at the current level (for example, you change its CI status from FAIL to PASS), the Portal indicates that you are using Custom Levels.
This is visible on the Policy Configuration page for the organization, and in CI status indicators across the Portal interface.
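The following is an added example, not code from the Portal or its vendor, that models how the per-policy settings described above (Enabled, CI/CD Status, violations) combine into an overall CI status a pipeline can gate on, and how a policy edited to be less strict than the active SAFE Level is flagged as customized. The report structure, field names, policy IDs and level defaults are constructed for this illustration; the page does not show the real report format, and treating a disabled policy as "less strict" is an assumption beyond the page's FAIL-to-PASS example.

```python
"""Constructed model of policy evaluation for a CI/CD gate (added example).

Assumptions (not taken from the page): a report lists policies with an
`enabled` flag, a `ci_status` of "FAIL" or "PASS", and whether the analyzed
package violated them. Policy IDs such as "EXAMPLE-001" are placeholders.
"""
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    policy_id: str
    enabled: bool
    ci_status: str   # "FAIL" or "PASS": what a violation reports to CI
    violated: bool   # whether the analyzed package violated this policy


def blocking_policies(policies):
    """IDs of policies that cause a CI fail: enabled, set to FAIL, and violated.

    Disabled policies are ignored entirely; a violated policy set to PASS is
    reported but never fails the build.
    """
    return [
        p.policy_id
        for p in policies
        if p.enabled and p.ci_status == "FAIL" and p.violated
    ]


def overall_ci_status(policies):
    """Overall CI status of the report: "FAIL" if any policy blocks, else "PASS"."""
    return "FAIL" if blocking_policies(policies) else "PASS"


def customized_policies(level_defaults, policies):
    """IDs edited to be less strict than the active SAFE Level.

    `level_defaults` maps policy ID -> (ci_status, enabled) as the level sets
    them. A policy counts as customized when the level says FAIL but it was
    changed to PASS, or (assumed here) when the level enables it but it was
    disabled. Edits that make a policy stricter are not flagged.
    """
    custom = []
    for p in policies:
        default_ci, default_enabled = level_defaults.get(p.policy_id, (p.ci_status, p.enabled))
        relaxed_ci = default_ci == "FAIL" and p.ci_status == "PASS"
        relaxed_enabled = default_enabled and not p.enabled
        if relaxed_ci or relaxed_enabled:
            custom.append(p.policy_id)
    return custom


def gate_exit_code(policies):
    """Exit code for a pipeline step: 1 stops the build on a CI fail, 0 lets it proceed."""
    return 1 if overall_ci_status(policies) == "FAIL" else 0


# Constructed level defaults: what the active SAFE Level sets for each policy.
LEVEL_DEFAULTS = {
    "EXAMPLE-001": ("FAIL", True),
    "EXAMPLE-002": ("FAIL", True),
    "EXAMPLE-003": ("PASS", True),
}

# Constructed report for one analyzed package.
SAMPLE_POLICIES = [
    Policy("EXAMPLE-001", enabled=True, ci_status="FAIL", violated=True),    # blocks the build
    Policy("EXAMPLE-002", enabled=True, ci_status="PASS", violated=True),    # edited FAIL->PASS: customized, not blocking
    Policy("EXAMPLE-003", enabled=False, ci_status="PASS", violated=True),   # disabled: ignored, customized
]


def main():
    print("CI status:", overall_ci_status(SAMPLE_POLICIES))
    print("Blocking policies:", blocking_policies(SAMPLE_POLICIES))
    print("Customized policies:", customized_policies(LEVEL_DEFAULTS, SAMPLE_POLICIES))
    sys.exit(gate_exit_code(SAMPLE_POLICIES))


if __name__ == "__main__":
    main()
```

Run as a pipeline step, the script's exit code is what stops the build; the customized list is the same information the Portal surfaces as the Custom Levels indicator, so a team can alert when someone relaxes a level-mandated policy.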