Overview:
Sometimes there is a requirement to block all versions of a component from entering your environment. This article explains how to achieve this with an IQ policy.
Steps:
To block all versions of a specific component, create a policy with a constraint on either of the conditions below.
- Coordinates
- Package URL
Once the policy is created, set the policy actions according to your requirement. For example, if the policy should quarantine the component in the repository, set the action on "proxy" to "FAIL".
Policy on condition "Coordinates":
Create an IQ policy constraint with a condition on "Coordinates" and configure it to match the specific attributes for the component's format.
The different formats and the attributes for each format on the policy condition can be seen here.
For example, to block all versions of the Maven component "org.apache.commons:commons-text", create a policy on coordinates for the Maven format and set the attributes as below.
- Group ID: org.apache.commons
- Artifact ID: commons-text
- Version: *
- Extension: *
- Classifier: *
Note: The above attributes can be modified according to the requirement to block specific versions/extensions/classifiers.
Policy on "Package URL":
Create an IQ policy constraint with a condition on "Package URL" to check whether a component matches a specified package URL.
The package URL pattern is as follows.
"packageUrl": "pkg:{ecosystem}/[{namespace}/]{component_name}@{version}[?{qualifier}={value}]"
More details on the policy condition and package URL examples for different formats can be found here.
For example, to block all versions of the Maven component "org.apache.commons:commons-text", use a policy condition like the one below.
"Package URL" matches "pkg:maven/org.apache.commons/commons-text@*?classifier=*&type=*"
Note: To block only specific versions/extensions/classifiers, modify the package URL accordingly.
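
Before turning on the "FAIL" action, it helps to check which components a package URL pattern would cover. The sketch below is an added example, not Sonatype's implementation or part of the original article: it parses the pattern shape shown above and assumes that `*` is the only wildcard and that a qualifier missing from a component's package URL counts as empty. The sample package URLs are constructed.

```python
import re

# Shape given in the article:
# pkg:{ecosystem}/[{namespace}/]{component_name}@{version}[?{qualifier}={value}]
PURL_RE = re.compile(
    r"^pkg:(?P<ecosystem>[^/]+)/(?:(?P<namespace>[^?]+)/)?"
    r"(?P<name>[^/@?]+)@(?P<version>[^?]+)(?:\?(?P<qualifiers>.*))?$"
)

def parse_purl(purl):
    """Split a package URL into its fields; ValueError if it does not fit the shape."""
    m = PURL_RE.match(purl)
    if m is None:
        raise ValueError(f"not a package URL: {purl!r}")
    parts = m.groupdict(default="")
    pairs = (q.partition("=") for q in parts["qualifiers"].split("&") if q)
    parts["qualifiers"] = {key: value for key, _, value in pairs}
    return parts

def wild(pattern, value):
    """Whole-string match where '*' is the only wildcard (assumed semantics)."""
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), value) is not None

def purl_matches(pattern, purl):
    """True if the component purl is covered by the policy pattern.

    Assumption: a qualifier missing from the component purl counts as empty,
    so 'classifier=*' also covers artifacts that have no classifier.
    """
    pat, comp = parse_purl(pattern), parse_purl(purl)
    if not all(wild(pat[f], comp[f]) for f in ("ecosystem", "namespace", "name", "version")):
        return False
    return all(wild(v, comp["qualifiers"].get(k, "")) for k, v in pat["qualifiers"].items())

BLOCK_ALL = "pkg:maven/org.apache.commons/commons-text@*?classifier=*&type=*"
SAMPLES = [  # constructed component purls, not taken from a real scan
    "pkg:maven/org.apache.commons/commons-text@1.9?type=jar",
    "pkg:maven/org.apache.commons/commons-text@1.10.0?classifier=sources&type=jar",
    "pkg:maven/org.apache.commons/commons-lang3@3.12.0?type=jar",
    "pkg:maven/com.example/commons-text@1.9?type=jar",
]

def covered(pattern, purls):
    """Return the purls the pattern would flag."""
    return [p for p in purls if purl_matches(pattern, p)]

if __name__ == "__main__":
    for p in SAMPLES:
        print("BLOCK" if purl_matches(BLOCK_ALL, p) else "allow", p)
```

Replacing the `*` after `@` with a concrete version narrows the pattern to that version only, which is the adjustment the note above describes.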