Overview

This topic describes how to manage (add, remove, edit and view) In-House rules. In-House refers to libraries that were developed by your own company. In-House rules are applied by using glob patterns for matching libraries in your inventory. 

These libraries are part of your inventory, but you do not want to view them in any report or license analysis, or initiate an approval process for them.

IMPORTANT: Customers with installations of Vulnerability-based Alerting can view In-House libraries when filtering alerts by Resolved Alerts.

Libraries can be marked as In-House in the following ways:

  • Create In-House Rules to match the library name

  • Create In-House Rules to match the Maven coordinates of the library

  • Manually from Product / Project inventory

Please Note: The above actions can only be performed by an Organization Administrator. For Product Administrators to perform any of the above actions, the Organization Administrator must enable the "Allow product administrators to mark libraries as in-house" checkbox, which is available on the Admin > Assignments page.

Accessing the In-House Rules Settings

To manage In-House rules, you must access the In-House Settings screen. Do as follows:

  1. From the menubar, select Admin. The Organization Administration screen is displayed.

  2. In the Settings area, select In-House. The In-House Settings screen is displayed (partial view displayed here).

The screen contains these areas:

  • In-House Rules – A list of all your In-House rules. A user can add or delete a rule using the appropriate button.

  • In-House Libraries Matched by Rules – A list of all the libraries that will be excluded from your reports since they were matched by one of your rules.

  • Manual In-House libraries – A list of all the libraries that will be excluded from your reports since they were marked by you as In-House.

Adding an In-House Rule

Adding a rule immediately affects all existing matched libraries in your inventory and all future tickets, causing them to be approved automatically.

Add a rule in one of the following ways:

  • Create In-House rules to match the library name

  • Create In-House rules to match the Maven coordinates (Artifact ID, Group ID) of the library

To add a new In-House rule, do as follows:

  1. Above the In-House Rules table, click Add Rule. The Add In-House Rule dialog box is displayed.

  2. Select either By Name or By Library Coordinates (see above explanation).

    • If you select By Name, enter the glob pattern for the library name.

    • If you select By Library Coordinates, enter the Group ID and Artifact ID glob patterns.

  3. Click OK.

  4. Click Save and Apply.
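Because a saved rule takes effect immediately and causes future tickets to be approved automatically, it is worth previewing what a pattern would match before clicking Save and Apply. The following is an added example, not Mend code: it assumes the patterns behave like Python `fnmatch` globs (this page does not specify the product's glob dialect), and the inventory, rule dictionaries and owned namespaces are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory: (library name, Maven Group ID, Maven Artifact ID).
# Group/Artifact ID are None for libraries without Maven coordinates.
INVENTORY = [
    ("acme-billing-2.1.0.jar", "com.acme", "acme-billing"),
    ("acme-auth-1.4.2.jar", "com.acme.platform", "acme-auth"),
    ("commons-lang3-3.12.0.jar", "org.apache.commons", "commons-lang3"),
    ("acmesoft-utils-0.9.jar", "io.acmesoft", "acmesoft-utils"),
    ("acme_internal-0.3.tar.gz", None, None),
]

# Namespaces the organization actually controls (assumption for this example).
OWNED_GROUPS = ("com.acme",)
OWNED_NAME_PREFIXES = ("acme-", "acme_")

def matches(rule, lib):
    """Apply a By Name or By Library Coordinates rule to one library."""
    name, group, artifact = lib
    if rule["type"] == "name":
        return fnmatchcase(name, rule["pattern"])
    if group is None or artifact is None:
        return False  # coordinate rules cannot match non-Maven libraries
    return fnmatchcase(group, rule["group"]) and fnmatchcase(artifact, rule["artifact"])

def is_owned(lib):
    """True if the library sits in a namespace the organization controls."""
    name, group, _ = lib
    if group is None:
        return name.startswith(OWNED_NAME_PREFIXES)
    return any(group == g or group.startswith(g + ".") for g in OWNED_GROUPS)

def preview(rule, inventory=INVENTORY):
    """Return (all matched names, matched names outside owned namespaces)."""
    hits = [lib for lib in inventory if matches(rule, lib)]
    return [l[0] for l in hits], [l[0] for l in hits if not is_owned(l)]

if __name__ == "__main__":
    rules = [
        {"type": "name", "pattern": "acme*"},
        {"type": "name", "pattern": "*.jar"},
        {"type": "coords", "group": "com.acme*", "artifact": "*"},
    ]
    for rule in rules:
        matched, unowned = preview(rule)
        status = "REVIEW" if unowned else "ok"
        print(f"[{status}] {rule} -> {len(matched)} matched, not owned: {unowned}")
```

Any library listed as not owned would be hidden from reports and license analysis by that rule, so the pattern should be narrowed before it is saved.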

Removing an In-House Rule

Removing an In-House rule will cause all matching libraries to "reappear" in all reports and analyses.

To remove a rule, do as follows:

  1. In the In-House Rules table, select the rule that you want to remove, and click Remove Selected.

  2. Click Save and Apply.

Marking a Library as In-House

To mark a library as In-House, do as follows:

  1. Go to the Project and Product pages.

  2. In the Libraries panel, select one or multiple libraries.

  3. At the top of the panel, click Actions > Mark as In-House. The Comments for In-House Library dialog box is displayed.

  4. Note the following, depending on your selection:

    • When a single library is selected, an in-house rule By Name will be created for the selected library matching the library name.

    • When multiple libraries are selected, an in-house rule By Name will be created for each selected library matching the library name (this applies even if the library file hash changes).

  5. In Would you like to add comments?, add a comment for this action.

  6. Click Yes. After being marked as In-House, the selected libraries will immediately "disappear" from your dashboards and reports.

Note: Marking libraries manually is enabled only for the organization and/or product admin.

Adding/Editing Comments to In-House Libraries

To add/edit a comment for libraries, do as follows:

  1. In the Manual In-House Libraries table, select one or more libraries to which you want to add/edit a comment.

  2. From the top of the table, select Actions > Add/Edit Comment. The Comments for In-House Library dialog box is displayed.

  3. Add a new comment or edit an existing one. If you are editing a comment, the newly entered comment will replace any previously entered comment(s).

Unmarking a Library as In-House

To unmark manual In-House libraries, do as follows:

  1. From the menubar, select Admin. The Organization Administration screen is displayed.

  2. In the Settings area, select In-House. The In-House Settings screen is displayed.

  3. Select the library to unmark (checkbox on the left) and from the Actions menu, select Unmark Selected. The Comments for In-House Library dialog box is displayed.

  4. Optionally, add a comment for this action. If you do, click Yes. If not, click No.

Libraries unmarked will no longer be considered in-house and will "reappear" in all reports and analyses.

Viewing Tooltip Comments

Each manual In-House library has one of the following icons next to the library name:

  • [icon] – Library does not include a comment

  • [icon] – Library includes a comment

Hovering over a library with a comment displays the comment in the tooltip, for example:

...

This page is available at: https://docs.mend.io/bundle/sca_user_guide/page/managing_in-house_rules.html