How to Turn Off Continuous Baking
Continuous Monitoring of Applications
Continuous Monitoring is a powerful feature of Lifecycle that regularly checks applications for new violations. The primary use-case of this feature is to maintain visibility on applications that have been released or deployed and are not in the build stage.
You can configure this feature to alert specific individuals/groups and schedule it to run at specific times.
Continuous Monitoring
Before turning on Continuous Monitoring, it is important to understand the scope and capabilities of this feature. When a Continuous Monitoring event triggers, the most recent binary fingerprint file associated with the application and its development stage is sent to Sonatype, which returns the most recent component metadata. Then, policy is applied, violations are flagged, and notifications are sent.
Here's what this means for you:
- Continuous Monitoring generates a new application report, showing new vulnerability disclosures, .
- Continuous Monitoring relies on policy to create violations and notifications. Review your policy to ensure that it covers major security and licensing issues.
- Like all , Continuous Monitoring will only generate a notification if the violation is new.
- If a large number of applications are using Continuous Monitoring, this feature takes longer to run (sometimes longer than 24 hrs).
Continuous Monitoring happens "outside" your CI/CD pipeline.
Here's what this means for you:
- Reports generated by Continuous Monitoring policy evaluations will not appear in your CI/CD tools. Use a browser UI and the Dashboard or Reports pages to see the results of Continuous Monitoring policy evaluations.
- When enabling Continuous Monitoring, you will be prompted to associate Continuous Monitoring policy evaluations with a development stage on a per-application basis. Best practice is to select a stage late in the development life cycle that is not frequently used for other policy evaluations.
Learn more about what Policy is and how to configure your policies at our Policy Management documentation.
Turning On Continuous Monitoring
Turning on Continuous Monitoring is a two-step process. Failure to complete step two will result in notifications not being sent after policy evaluation.
Continuous Monitoring uses the same inheritance hierarchy as policy, i.e., Root Organization at the top, followed by the Organization, and finally the Application. Depending on your IQ Server configuration, it may seem like some settings cannot be changed. In this scenario, move one level up on the hierarchy.
The Edit IQ elements permission is required for the organization/application for which Continuous Monitoring is configured.
Step One: Turning on Continuous Monitoring at Organization or Application Level
- On the left sidebar, click Orgs and Policies.
- Select the organization or application you want to monitor.
- Click the Continuous Monitoring button or scroll down to the Continuous Monitoring section.
- You should see the option Do Not Monitor or Inherit from [Parent] (Do not monitor). Click the chevron.
- from the list and then click Update.
Step Two: Configuring Notifications at Policy Level
Configure notifications for Continuous Monitoring at the policy level to identify who should receive an email message when new policy violations are triggered.
- On the left sidebar, click Orgs and Policies.
- Select the organization or application you want to monitor.
- Click on an existing policy. If the policy is grayed out, that means that policy is being inherited from the organization or root organization and can't be altered at this level. Move one step up the hierarchy and click on the policy. If it's still grayed out, move another step up the hierarchy.
- Click the Notifications button or scroll to the Notifications section.
- Select the recipient type. You can mix and match multiple recipients across all three types.
- If the recipient type is Emails, specify the exact email address.
- If the recipient type is Role, select the role. All users assigned this role will receive a notification email.
- If the recipient type is Webhook, select an existing Webhook from the list. See Webhooks to learn more.
- For each notification recipient, check the Continuous Monitoring box.
Turning off Continuous Monitoring
To turn off Continuous Monitoring:
- On the left sidebar, click Orgs and Policies.
- Select the organization or application you want to turn off Continuous Monitoring for.
- Click the Continuous Monitoring button or scroll down to the Continuous Monitoring section.
- Click the chevron.
- Select Do Not Monitor or Inherit from [Parent] (Do not monitor) and then click Update.
Scheduling Continuous Monitoring
By default, Continuous Monitoring starts at 12:00 midnight, based on the time of the machine hosting the IQ Server. You can change the start time for Continuous Monitoring as follows:
For IQ Server Release 142 and later
NEW IN RELEASE 142
Via the configuration REST API.
For IQ Server Release 141 and prior
Via IQ Server's config.yml file as follows:
# Hour of the day (0-23) to schedule Policy Monitoring execution. The default is midnight.
policyMonitoringHour: 0
By default, the config.yml file is located in the same directory as your nexus-iq-server-[version].jar file.
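For Release 141 and prior, one way to make this edit repeatably, as an added example that is not Sonatype's own tooling: the function names are hypothetical and the sample file is constructed. It accepts only hours 0-23 and treats a commented-out key as absent, so the default of midnight applies.

```shell
# Added example (not Sonatype tooling); helper names are hypothetical.

# Print the effective start hour. Only an uncommented, unindented
# "policyMonitoringHour: N" line counts; otherwise the default 0 (midnight) applies.
get_policy_monitoring_hour() {
  awk '/^policyMonitoringHour:/ && $1 == "policyMonitoringHour:" { v = $2 }
       END { print (v == "" ? 0 : v) }' "$1"
}

# Set the hour in place. Keeps a .bak copy, rewrites the first live key,
# drops duplicate live keys, and appends the key when it is absent.
set_policy_monitoring_hour() {
  local file="$1" hour="$2" tmp rc
  case "$hour" in
    [0-9]|1[0-9]|2[0-3]) ;;                       # accept 0..23 only
    *) echo "hour must be an integer 0-23" >&2; return 2 ;;
  esac
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  cp -p "$file" "$file.bak" || return 1
  tmp=$(mktemp) || return 1
  if awk -v h="$hour" '
       /^policyMonitoringHour:/ { if (!done) print "policyMonitoringHour: " h; done = 1; next }
       { print }
       END { if (!done) print "policyMonitoringHour: " h }' "$file" > "$tmp"
  then
    cat "$tmp" > "$file"    # overwrite contents, keeping the file's owner and mode
    rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Constructed sample file: the key appears only inside a comment.
demo() {
  local dir before after
  dir=$(mktemp -d) || return 1
  printf '%s\n' '# constructed sample config.yml' '#policyMonitoringHour: 5' > "$dir/config.yml"
  before=$(get_policy_monitoring_hour "$dir/config.yml")
  set_policy_monitoring_hour "$dir/config.yml" 3 || return 1
  after=$(get_policy_monitoring_hour "$dir/config.yml")
  rm -rf "$dir"
  echo "$before -> $after"
}
```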
Manually Triggering Continuous Monitoring
You can manually trigger Continuous Monitoring by issuing the following command to the IQ Server's administrative port. To learn more about talking to IQ Server through the administrative port, see our documentation on configuring inbound traffic.
$ curl -X POST http://localhost:8071/tasks/triggerPolicyMonitor
This command is not recommended for most situations. Instead, edit the config.yml file as described in the section above.
Source: https://help.sonatype.com/iqserver/managing/policy-management/continuous-monitoring-of-applications