Configuring Policies

Policy configuration (admins only)

  1. Go to Settings > Organization > Policies.
  2. Enable and configure criteria to monitor under Conditions.
  3. Add one or more email recipients under Action.
  4. Click Save.

Note: Policy configurations are not automatically inherited by sub-organizations.

Scope: Policies apply to SBOMs uploaded after the policy is saved.

Recommended baselines

Product security: Vuln recommendation = Mitigate.

License compliance: License status = Forbidden or Review; License types include Copyleft/Copyleft Limited.

Best practices

  • Use team listservs for recipients (e.g., security@…); avoid individual email addresses.
  • Start with stricter thresholds and tune based on alert volume.