Governance

The Governance Report contains the information described below. Each tile shows the result of a scan of one or more policy checks related to the governance area shown. If the governance status for a particular area shows an error, warning, or information, an additional table appears below the status tiles, listing the policy checks that failed. Use these tables to determine what has failed and how to resolve it.

App Info
  • Name. The name of the app.

  • Mendix App ID. The Mendix App ID for this app (also known as a 'project ID').

  • Hosting platform. The hosting platform that AppControl detected this app on.

  • App repository. The app repository that this app is using to store its project files.

Environment Info
  • Name. The name of the environment.

  • URL. The URL of the environment.

  • Mendix Version. The Mendix version in use by this environment.

  • Model Version. The model version that is currently deployed to this environment.

Code is Secure
  • Description: Code has been checked for known execution and access control vulnerabilities.

  • Policy Checks: All checks with the category 'Security' with the exception of COMP_0001.

Code is Standard
  • Description: Code conforms to naming, organizational, documentation, and architectural best practices and standards.

  • Policy Checks: All checks with the category 'Standards'.

Audit Readiness
  • Description: App version, access control, configuration, logging, and control system changes are monitored, recorded, and secured from deletion so that they are available for audits.

  • Policy Checks: GOV_0006

Components are Secure
  • Description: Third-party and vendor-supplied components do not contain known security vulnerabilities.

  • Policy Checks: COMP_0001

Latest Components
  • Description: App is using up-to-date versions of third-party and vendor-supplied components, compatible with the currently used runtime.

  • Policy Checks: COMP_0007, COMP_0008, COMP_0009

Supported Components
  • Description: The third-party and vendor-supplied components used by the app are supported by their vendors in case of bugs or critical issues.

  • Policy Checks: COMP_0003, COMP_0004

Logs Monitored
  • Description: App logs are reviewed daily for suspicious activity, infrastructure and integration failures, and warnings that may lead to application failures.

  • Policy Checks: GOV_0003

Access Control Monitored
  • Description: Who has access to the management systems used to change app code, configuration, and deployed software versions is monitored and recorded.

  • Policy Checks: GOV_0004

Operational Tasks Monitored
  • Description: Tasks necessary for the secure and daily operation of the app are monitored, and have been completed on time.

  • Policy Checks: GOV_0005

Controlled Releases
  • Description: Releases have been reviewed and approved, release notes have been documented, releases have been tested for policy compliance, and it is known who the code committers are.

  • Policy Checks: GOV_0001

Controlled Configurations
  • Description: Changes to app configurations are reviewed and approved, part of a planned release, and it is known who created and deployed the configuration.

  • Policy Checks: GOV_0002
