Monitor policies in Polaris
You can track policy violations throughout the Polaris user interface.
Monitor policy on the Portfolio page
When you open the Portfolio page, the quantity of active policy violations in each application appears in the Total Active Policy Violations column. This is the sum of active policy violations detected in the most recent SAST (default branch only), SCA (default branch only), and DAST tests of projects in each application.
Open an application to view the policy status of each project (represented by a green or red shield icon) and the total quantity of violating issues in each SAST (default branch only), SCA (default branch only), and DAST project.
If the same issue or component violates more than one policy (or more than one policy rule), and/or is found in multiple branches, it is counted only once.
When issues found in the latest test violate policies, the shield icon is red. The green shield icon indicates no policy violations were captured in the latest test.
Issue and component triage
Quantities in the Total Active Policy Violations columns can change when you triage issues or components, but only if:
- An issue policy's rules capture issues with specific Triage Status properties, and/or
- A component policy's rules only capture components that are Included in your software bill of materials (SBOM).
To exclude dismissed issues and excluded components from quantities in the Total Active Policy Violations columns (recommended), make sure your:
- Issue policies' rules capture issues with the To Be Fixed and Not Triaged statuses, and
- Component policies' rules capture components that are Included in your software bill of materials (SBOM).
Monitor policy on the Tests page
The policy status of completed tests is captured on the Tests page, in the Policy Violations column.
Dropdown menus in the Policy Violations column list:
- The quantity of policy violations detected in the test.
  Note: The quantity of active policy violations doesn't always include overdue issues (issues that are detected after their fix-by date). Overdue issues are only counted as active violations when a policy includes a rule that checks for issues with a Fix-By Status of Overdue. See Issue policies for more information.
- The quantity of issue policies assigned to the branch when the test started.
Open a dropdown menu to see the names of the issue policies assigned to the branch (when the test started), along with links to view issues that violate different rules.