Policies

A Xygeni policy lays out the set of rules, practices, checks and processes aimed at hardening your software infrastructure for controlling the risk of supply chain attacks. Each policy defines acceptable and unacceptable behaviors, which detectors should be in place, and what is the impact (based on risk scoring) when security issues are introduced.

A software project under analysis has a policy assigned, which could be more or less strict according to organizational criteria. The policy in effect is downloaded at scan time or when raw activity data is received from Xygeni sensors.

The Xygeni platform provides a default policy, tailored to cover a common assessment of the software supply chain security for most organizations.