Policy Violations Aren't Removed After Adding In-House Rule

Problem Description

You receive policy violations for in-house libraries after adding the proper in-house rule, and those libraries have been moved to the In-House report. However, the alerts haven’t been removed.

Solution

This issue happens because adding an in-house rule will not automatically recalculate the policy violation. To do so, you will need to re-run the scan. Alternatively, you can manually recalculate the policy alert by following the steps below:

1. First, find the relevant policy by browsing to the Policy Violations page. This report can be accessed by clicking in the “Violations” area under “Policy”, within the “Organization Alerts” section from the homepage of the Mend UI (screenshot below), and checking the description of the libraries. The “description” value represents the policy name that is being violated. This report can also be accessed by selecting “Alerts” → “Licensing & Compliance” from the blue bar across the top of the UI, and then adjusting the search filter to “Policy Violation”, and the desired alert status.

2. Navigate to the relevant organizational/product/project policy (this requires organizational/product/project admin privilege). For organizational policies, click “Policies” in the blue bar across the top of the UI. For product/project policies, browse to the relevant product/project page and click “Policies” near the top right of the page, under the blue bar.

1. Checkbox the relevant policy, click the “Apply to Existing Inventory” button, then click “Save”

2. This recalculation might take a couple of minutes, and you can see the changes by refreshing the page