Monitor policies in

You can track policy violations throughout the user interface.

Monitor policy on the Portfolio page

When you open the Portfolio page, the quantity of active policy violations in each application appears in the Total Active Policy Violations column. This is the sum of active policy violations detected in the most recent SAST (default branch only), SCA (default branch only), and DAST tests of projects in each application.



Open an application to view the policy status of each project (represented by a green or red shield icon) and the total quantity of violating issues in each SAST (default branch only), SCA (default branch only), and DAST project.



Important: The policy status of each project is based on the most recent test (found in the Latest Completed Test column).
Note: The quantity of active policy violations doesn't always include overdue issues (issues that are detected after their fix-by date). Overdue issues are only counted as active violations when a policy includes a rule that checks for issues with a Fix-By Status of Overdue. See Issue policies for more information.

If the same issue or component violates more than one policy (or policy rule), and/or is found in multiple branches, it's only counted once.

When issues found in the latest test violate policies, the shield icon is red. The green shield icon indicates no policy violations were captured in the latest test.

Issue and component triage

Quantities in the Total Active Policy Violations columns can change when you triage issues or components, but only if:

  • An issue policy's rules capture issues with specific Triage Status properties, and/or
  • A component policy's rules only capture components that are Included in your software bill of materials (SBOM).

To exclude dismissed issues and excluded components from quantities in the Total Active Policy Violations columns (recommended), make sure your:

  • Issue policies' rules capture issues with the To Be Fixed and Not Triaged statuses, and
  • Component policies' rules capture components that are Included in your software bill of materials (SBOM).
Note: See Ways to triage issues in and Ways to triage components in for more information on triage.

Monitor policy on the Tests page

The policy status of completed tests is captured on the Tests page, in the Policy Violations column.



Note: The Policy Violations column also appears on the Tests tab when you open a project.


Dropdown menus in the Policy Violations column list:

  • The quantity of policy violations detected in the test.
    Note: The quantity of active policy violations doesn't always include overdue issues (issues that are detected after their fix-by date). Overdue issues are only counted as active violations when a policy includes a rule that checks for issues with a Fix-By Status of Overdue. See Issue policies for more information.
  • The quantity of issue policies assigned to the branch when the test started.
Note: Dropdown menus only appear next to completed tests if issue policies were assigned to the branch when the test started.

Open a dropdown menu to see the names of the issue policies assigned to the branch (when the test started), along with links to view issues that violate different rules.