AppControl Docs
  • Introduction
  • Overview
    • Features
    • Product architecture
      • AppControl Repository
      • Policy Checks
    • Initial set up
      • AppControl User
      • Install package
      • Configure system
      • Add apps
      • Add users
      • Give permissions
    • User Roles & Access
    • Getting Started
      • Platform Administrator
      • App Owner
      • App Administrator
      • Developer
  • Dashboards
    • Platform
    • Alerts
    • App
      • Log Rule
    • Policies
      • Compare Revisions
    • Releases
      • Create Release
    • Tasks
      • Task Assignment
      • Task Details
    • Insights
      • Components
      • Reports
      • Users
      • Logs
  • Administration
    • Policies
    • Pipelines
      • Approval
      • Backup
      • Build
      • Call API
      • Check Policy
      • Deploy
      • Deploy Configuration
      • Notification
      • Start / Stop
    • Tasks
    • App Groups
    • Access Groups
    • System
      • Accounts
      • Notifications
      • System Status
      • System Logs & Tools
      • System Configuration
      • Repository
        • Log Solution
      • Product License
      • Management API
      • Mendix Configuration
    • Feedback
  • Checks
    • APIs
      • Published APIs must use authentication
    • App
      • Project security level
      • Project security enabled
      • Demo users enabled
      • Anonymous users enabled
      • Strong password policy
      • Default admin username changed
      • Anonymous user access restricted
      • Default admin user restricted
      • Use strong hash algorithm
      • Check user role security for consistency
      • Restrict users to a single session
      • Perform strict page URL checks
      • Project naming standards
    • Components
      • Components with vulnerabilities
      • Mendix runtime version age
      • Mendix runtime support status
      • Non platform supported components
      • Max component age
      • Average age components
      • Use latest version of Marketplace module
      • Use latest version of Marketplace widget
      • Use latest version of Mendix
      • Limit number of Java libraries
      • Limit number of widgets
      • Use minimum Mendix runtime version
    • Constants
      • Do not expose constants to client
    • Development
      • Last commit to production
      • Last commit to project
      • Project documentation standards
      • Project organization standards
      • Project logging standards
    • Domain Model
      • Default member access rights restricted
      • Use read only attributes in XPath constraints
      • Anonymous users can only change own data
      • Anonymous users cannot change unlimited length strings
      • Domain model standards
      • Anonymous user access restricted
      • Naming standards - Domain Model
      • Documentation standards - Domain Model
    • Enumerations
      • Naming Standards - Enumerations
    • Microflows
      • Incorrect date format
      • Incorrect empty string check
      • Empty variable used
      • Apply entity access when generating documents
      • Use inherited entities from System module
      • Web service calls with templates should be escaped
      • Naming Standards - Microflows
      • Logging Standards - Microflows
      • Documentation Standards - Microflows
    • Pages
      • Attributes in data views should be editable
      • Naming Standards - Page Flows
      • Documentation Standards - Pages
  • Support
    • Docs
    • Feedback
    • Tickets
    • Releases
    • System Status
    • User Details
Powered by GitBook
On this page
  1. Overview
  2. Product architecture

Policy Checks

AppControl enforces compliance by automatically checking policies whenever a new revision of an application is deployed. Policies consist of individual policy rules, which are categorized into two types:

  • Single-Run Rules: These rules are checked once per revision and typically apply to aspects such as app models, microflows, pages, and other structural elements.

  • Recurring Rules: These rules are continuously monitored beyond the initial deployment. They include checks for component vulnerabilities, support status of used components, and other external dependencies.

Recurring policy checks are performed at two key moments:

  1. When a new revision of an application is deployed.

  2. Every 24 hours to ensure that all applications remain compliant with the latest updates.

The data required for policy evaluations, including vulnerability information and support status of components, is sourced from the AppControl repository. This repository is updated once per day, ensuring that policy checks always use the most current information available.

Policy checks are designed by Blue Storm and are based on Mendix Best Practices, Community Best Practices, and customer feedback. After being developed and thoroughly tested, new policy checks are included in future AppControl product releases to continuously enhance compliance monitoring and enforcement.

PreviousAppControl RepositoryNextInitial set up

Last updated 20 days ago