Violations View

The Violations view provides a consolidated overview of all policy violations across the latest versions of your builds. This is the central place to review and act on violations reported by the configured Software Composition Analysis connector.

Tabs

The view is organized into tabs:

  • Violations: Shows all active (unignored) violations for the latest build versions. Each violation can be marked as tolerated or false positive using the action buttons.
  • Excluded Violations: Shows violations that are matched by an active exclusion rule. Each entry also displays the associated rule.
  • Pending Violations: Appears only when the exclusion approval workflow is enabled for Software Composition violations and there are rules awaiting approval.

Violation Details

Each violation in the table includes the following information:

| Column | Description |
|---|---|
| Build | The build name and version where the violation was detected. Links to the build details. |
| Severity | The severity as reported by the SCA tool (e.g., Critical, High, Medium, Low). |
| Description | A short summary of the violation. |
| Updated | When the violation was last updated. |
| Type | The type of violation (e.g., security, license). |
| Components | The affected library components with their versions. |
| Watch Name | The name of the Xray Watch (policy) that triggered this violation. |
| Issue ID | The vulnerability or issue identifier (e.g., a CVE ID or Xray issue ID). |
| Actions | Buttons to mark the violation as false positive or tolerated. This creates an exclusion rule and, depending on configuration, syncs it back to the SCA tool. |

Ignoring a Violation

When you mark a violation as tolerated or false positive, Teamscale creates an exclusion rule. A dialog prompts you to provide a rationale explaining why the violation is being excluded. If the exclusion approval workflow is enabled, the rule will be in a pending state until another user approves it. Otherwise, the rule takes effect immediately and is synchronized to the SCA tool.