Catalog standards ensure that only open source packages that meet your defined standards are approved in your catalog. However, there are cases when you may want to create an exception for a package to be approved even if it doesn't meet the standards.
Some examples of when you may need an exception:
- Security – Even though you are using a package release with a vulnerability, it is not being used in an exploitable way or it is a risk that your team feels comfortable assuming.
- Licensing – You have a package that is licensed with a license that you would typically deny, however in this instance it would be okay to approve the package.
- Maintenance – Although your organization has a standard to use non-deprecated packages, you may feel comfortable creating an exception for a small or widely-used package.
Creating exceptions for each standard
For each standard that's enabled for your catalog, you are able to manage exceptions to said standard.
Review security vulnerabilities – When reviewing a security vulnerability, you may choose to Ignore the vulnerability for the affected package. This effectively creates an exception and will keep the package release approved in your catalog.
License compliance – When approving a new release with a non-compliant license, you may choose to only approve the license for that particular package or that particular release of the package. You can view and export all of the license compliance exceptions you created by going to Standards > View license compliance standard exceptions