Policy Management Overview

Policy Management is one of the main components of Checkmarx’s Management and Orchestration solution for AppSec managers.

Policy Management provides a centralized management console for defining, managing and tracking an organization’s acceptable security risk across all its applications and projects, using unified application security policies across customer/proprietary code and open source components.

A security policy consists of customer-defined rules that define what counts as compliant; a finding that breaks a rule is a violation of that policy. After a policy is created, it can be assigned to one or more projects, and multiple policies can be assigned to the same project.

Policy Management supports rules with multiple conditions. Rule definitions typically describe the types of findings (as seen in scan results) that should not be present in the application.

In this version, Policy Management supports CxOSA rules pertaining to libraries, licenses and vulnerabilities.
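The following is an added illustration of the policy model described above (policies made of rules, rules made of conditions that must all hold, several policies per project). It is not Checkmarx code and does not use the CxOSA result schema: the finding fields (library, license, direct, vulnerabilities, severity) and the sample findings are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample of CxOSA-style findings for one project. The field names
# are assumptions for this illustration, not Checkmarx's actual result schema.
FINDINGS = [
    {"library": "parser-lib", "license": "MIT", "direct": True,
     "vulnerabilities": [{"id": "VULN-PLACEHOLDER-1", "severity": "High"}]},
    {"library": "copyleft-lib", "license": "GPL-3.0", "direct": True,
     "vulnerabilities": []},
    {"library": "deep-dep", "license": "MIT", "direct": False,
     "vulnerabilities": [{"id": "VULN-PLACEHOLDER-2", "severity": "High"}]},
    {"library": "util-lib", "license": "Apache-2.0", "direct": True,
     "vulnerabilities": [{"id": "VULN-PLACEHOLDER-3", "severity": "Medium"}]},
]

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}

Condition = Callable[[dict], bool]

@dataclass
class Rule:
    name: str
    conditions: list  # a finding violates the rule only if every condition holds

@dataclass
class Policy:
    name: str
    rules: list

def license_in(*licenses) -> Condition:
    return lambda f: f["license"] in licenses

def min_severity(level: str) -> Condition:
    rank = SEVERITY_RANK[level]
    return lambda f: any(SEVERITY_RANK[v["severity"]] >= rank for v in f["vulnerabilities"])

def is_direct() -> Condition:
    return lambda f: f["direct"]

def evaluate(policies, findings):
    """Return (policy, rule, library) for each finding that matches all conditions of a rule."""
    return [(p.name, r.name, f["library"])
            for p in policies for r in p.rules for f in findings
            if all(c(f) for c in r.conditions)]

# Two policies assigned to the same project, as the overview allows.
BASELINE = Policy("Baseline", [
    Rule("no-copyleft", [license_in("GPL-3.0", "AGPL-3.0")]),
    Rule("no-high-in-direct-deps", [min_severity("High"), is_direct()]),  # both must hold
])
STRICT = Policy("Strict", [Rule("no-medium-or-above", [min_severity("Medium")])])

if __name__ == "__main__":
    for v in evaluate([BASELINE, STRICT], FINDINGS):
        print("%s / %s: %s" % v)
```

Note that deep-dep carries a High vulnerability but is not a direct dependency, so it violates the Strict policy but not the two-condition Baseline rule.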

For more information about CxOSA policy results, see the Policy Violations View section in CxOSA Viewer (v8.8.0).