Use Case:
A DevOps team wants to ensure that only actively maintained and secure package versions are used, preventing developers from relying on outdated or unsupported dependencies.
Workflow Steps:
- Enable Curation for Software Package Repositories
  - Navigate to Administration > Curation > Remote Repositories.
  - Enable curation for repositories with long-term dependencies (e.g., npm, Maven, NuGet, PyPI).
- Create a Package Age Policy
  - Go to Application > Curation > Policies and create a new policy: Enforce Up-to-Date Dependencies.
  - Under Policy Scope, apply the policy to all curated repositories.
- Define an Operational Condition
  - Select a condition that prevents outdated package usage:
    - Package Version is Aged (No Newer Version Identified): Blocks versions older than two years if no newer version exists.
    - Package Version is Aged (New Version Available): Blocks versions older than six months when a newer version exists.
    - Package Version is Immature: Prevents using versions released less than a specified time ago.
- Select an Action & Notifications
  - Choose Block to enforce the restriction.
  - Enable Email notifications to alert the requester and DevOps team when a package is blocked.
- Validate Package Version Control
  - Attempt to install an outdated package.
  - Confirm the request is blocked with an alert explaining why the version is restricted.
  - Review package metadata in Audit Events.
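
How the three age conditions interact on one package's release history, modelled in Python as an added example (not JFrog's implementation and not code from this page). It assumes all three conditions are enforced with Block, treats "two years" and "six months" as 730 and 182 days, uses a hypothetical 14-day immaturity window, and takes "newer" to mean a later release date; the release histories are constructed.

```python
from datetime import date, timedelta

# Thresholds from the conditions above; the day counts are approximations (assumption).
AGED_NO_NEWER = timedelta(days=730)    # "older than two years"
AGED_WITH_NEWER = timedelta(days=182)  # "older than six months"
IMMATURE = timedelta(days=14)          # hypothetical value for "a specified time"


def evaluate(releases, today):
    """Return {version: verdict} for a list of (version, release_date) tuples.

    A version has a newer version when any other release carries a later
    date (assumption: release order stands in for version order).
    """
    latest = max(released for _, released in releases)
    verdicts = {}
    for version, released in releases:
        age = today - released
        has_newer = released < latest
        if age < IMMATURE:
            verdicts[version] = "block: immature"
        elif has_newer and age > AGED_WITH_NEWER:
            verdicts[version] = "block: aged, newer version available"
        elif not has_newer and age > AGED_NO_NEWER:
            verdicts[version] = "block: aged, no newer version"
        else:
            verdicts[version] = "allow"
    return verdicts


def installable(releases, today):
    """Versions still fetchable when all three conditions are set to Block."""
    return [v for v, verdict in evaluate(releases, today).items() if verdict == "allow"]


# Constructed release histories (not real packages).
TODAY = date(2025, 6, 1)
ACTIVE = [("1.0.0", date(2022, 1, 10)), ("2.0.0", date(2025, 2, 1)), ("2.1.0", date(2025, 5, 28))]
ABANDONED = [("0.9.0", date(2021, 3, 1)), ("1.0.0", date(2022, 4, 1))]
GAP = [("3.0.0", date(2024, 9, 1)), ("3.1.0", date(2025, 5, 25))]

if __name__ == "__main__":
    for name, history in (("active", ACTIVE), ("abandoned", ABANDONED), ("gap", GAP)):
        print(name, evaluate(history, TODAY), "->", installable(history, TODAY))
```

The `GAP` history is the case to check before rollout: the previous release has aged out while the newest is still immature, so no version is installable until the immaturity window passes.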