Control Center Policies

content/en/docs/control-center/security/audit-logs.md

@@ -2,7 +2,7 @@
 title: "Audit Logs"
 url: /control-center/audit-logs/
 description: "Describes the Audit Logs page in the Mendix Control Center."
-weight: 30
+weight: 60
 beta: true
 ---
 

content/en/docs/control-center/security/certificate-management.md

@@ -3,7 +3,7 @@ title: "Certificate Management"
 linktitle: "Certificate Management"
 url: /control-center/certificate-management/
 description: "Describes the Certificate Management page in Mendix Control Center."
-weight: 40
+weight: 50
 beta: true
 ---
 

content/en/docs/control-center/security/policies.md

@@ -0,0 +1,109 @@
+---
+title: "Policies"
+url: /control-center/policies/
+description: "Describes the Policies page in the Mendix Control Center."
+weight: 30
+beta: true
+---
+
+{{% alert color="warning" %}}
+This feature is in Public Beta. For more information, refer to [Release Status](/releasenotes/release-status/).
+{{% /alert %}}
+
+## Introduction
+
+Policies help ensure that your app landscape is secure, compliant, and consistent. On the **Policies** page, you can define policies that your apps need to adhere to. If they do not, violations are automatically detected and reported in Software Composition, allowing you to react accordingly. For details on how policy violations are displayed in Software Composition, refer to [Policy Status](/control-center/policy-status/).
+
+The **Policies** page allows you to create new policies, lists all of your existing policies, and displays a **Help & Support** pane with useful information about creating policies.
+
+## Defining Policies
+
+You can define policies by either using a template or starting from scratch. The following sections describe the process for each scenario.
+
+### Creating a Policy From a Template
+
+You can use one of the existing templates to create your own policy. 
+
+1. Click **Create from Template**.
+
+2. Select one of the available templates:
+
+    * Don’t allow high or critical findings
+    * Don’t allow Mendix runtime versions below 9.24.26
+    * Only allow Marketplace components that are platform-supported
+
+3. In the **Policy Name** field, add a name for the new policy.
+
+4. Select one of these actions:
+
+    * **Edit** – Make changes to the template, such as adjusting the Mendix runtime version.
+    * **Save as Inactive** – Save the policy, but do not enforce it yet.
+    * **Save & Activate** – Save the policy and enforce it.
+
+### Creating a Policy From Scratch
+
+You can create a policy by defining your own details.
+
+1. Click **Create from Scratch**.
+
+2. On the **Policy Definition** tab, fill in the following details:
+
+* **Policy Name** – A relevant name for your policy, such as one indicating what the policy checks.
+* **Description** – A description of the goal of the policy, which covers why it needs to be adhered to, and how to fix its violations.
+* **Policy Conditions** – Define the conditions under which the policy is considered violated. These are the available conditions and their values:
+
+    * **Any finding severity is** – Choose which severity level violates the policy. You can select one or more of the following values:
+
+        * **LOW**
+        * **MEDIUM**
+        * **HIGH**
+        * **CRITICAL**
+
+        For example, if you select **CRITICAL**, apps with critical findings violate this policy.
+
+    * **Mendix runtime version is lower than** – Indicate which Mendix version is the minimum that your apps must use.
+
+    * **Marketplace component license is not** – Select the licenses that are acceptable. If a Marketplace component has a license which is not one of the ones you select here, the policy is violated. These are the possible values:
+
+        * MIT
+        * BSD_2_0
+        * APACHE_V2
+        * APACHE_1_0
+        * MENDIX_EULA
+        * PARTNER_LICENSES
+        * CREATIVE_COMMONS_CC0
+        * GNU_GENERAL_PUBLIC_LICENSE_V3
+        * MENDIX_MARKETPLACE_CONTENT_TERMS
+
+    * **Marketplace component support is not** – Select the support types that are acceptable. If a Marketplace component has a support type which is not one of the ones you select here, the policy is violated. These are the possible values:
+
+        * PARTNER
+        * SIEMENS
+        * PLATFORM
+        * COMMUNITY
+
+* **Checkpoints & Action(s)** – Select the trigger which causes the policy to be checked, and the action that is taken if the policy is violated. Currently, policy violations are checked at the time of package creation, and violations generate warnings.
+
+3. On the **Policy Scope** tab, select whether you want the policy to apply to all licensed apps, or only to specific apps in your environment.
+
+4. Select one of these actions:
+
+    * **Cancel** – Discard the policy.
+    * **Save as Inactive** – Save the policy, but do not enforce it yet.
+    * **Save & Activate** – Save the policy and enforce it.
+
+## Policy Details
+
+These are the details you can see for every existing policy:
+
+* **Policy Name** – The policy's name.
+* **ID** – The policy's unique ID, which you can copy.
+* **Policy Scope** – The policy's app scope.
+* **Last Updated By** – The unique ID of the user who most recently updated the policy.
+* **Last Updated Date** – The date when the policy was most recently updated.
+* **Status** – Whether the policy is active or not.
+* Actions:
+
+    * **Edit Policy**
+    * **Deactivate Policy**
+    * **Delete Policy**

content/en/docs/control-center/security/software-composition/overview.md

@@ -43,6 +43,7 @@ The app list is sorted based on the number of findings and their severity, from
 * **Environment** — The name of the environment.
 * **Runtime** — The Mendix Runtime version.
 * **Findings** — The number of findings of each type, color-coded according to severity level.
+* **Policy Status** – The number of policies that the app violates. For details on each policy, click this line item, then go to the **Policy Status** tab of the app. 
 * **Technical Contact** — The Technical Contact of the app.
 * **Target Cloud** — The type of cloud where the deployment package is deployed. Currently, the following types of cloud are supported:
     * Mendix Free Cloud
@@ -105,7 +106,7 @@ The finding list contains the following information:
 * **Deprecated since version publish date** — The release date of the version when the component became deprecated.
 * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
 
-### Component Usage {#overviw-component-usage}
+### Component Usage {#overview-component-usage}
 
 The **Component Usage** tab displays a detailed view of all components used within the app.
 
@@ -140,3 +141,29 @@ The component usage list contains the following information:
 * Column customization ({{% icon name="view" %}}) – You can customize the columns of the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
 
 To export the information corresponding to selected items in the list to an Excel file, select the checkboxes of the items in the list, then click **Selection Export** that appears at the bottom of the page.
+
+## Policy Status
+
+The **Policy Status** tab displays a list of the policies that the app violates, with the following information for each:
+
+* **Status** – The status of the violation.
+* **Policy Name** – The name of the violated policy.
+* **View Details** – Details about the violated policy:
+
+    * **Policy ID** – The unique ID of the policy.
+    * **Policy Name** – The name of the policy.
+    * **Description** – A short description of the policy, which includes the reason why it is violated.
+    * **Status** – Whether the policy is active or not.
+    * **Scope** – The apps that the policy applies to.
+    * **Created by** – The unique ID of the user who created the policy.
+    * **Created on** – The date when the policy was created.
+    * **Last modified by** – The unique ID of the user who most recently updated the policy.
+    * **Last modified on** – The date when the policy was most recently updated.
+    * **Failure Condition(s)** – The conditions under which the policy is considered violated.
+    * **Checkpoints & Action(s)** – The trigger which causes the policy to be checked, and the action that is taken if the policy is violated.
+
+* Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
+
+You can search a policy by its name, and export all information on this tab to an Excel file.
+
+For details on defining policies, refer to [Policies](/control-center/policies/).

content/en/docs/control-center/security/software-composition/policy-status.md

@@ -0,0 +1,18 @@
+---
+title: "Policy Status Tab"
+url: /control-center/policy-status/
+description: "Describes the Policy Status tab on the Software Composition page of the Mendix Control Center."
+weight: 3
+---
+
+## Introduction
+
+The **Policy Status** tab lists the policies that apply to all apps in your landscape, along with the number of times each policy was violated. Clicking a policy name opens the list of all apps and environments which violated that specific policy, with the following details:
+
+* **Status** – The type of violation.
+* **App Name** – The name of the app which violated the policy.
+* **Package Name** – The name of the package which violated the policy.
+* **Environment Name** – If applicable, the name of the environment where the violating app package is deployed.
+* **Runtime** – The runtime version of the deployment package.
+* **Target Cloud** — The type of cloud where the deployment package is deployed.
+* **Last Checked On** – The date when the policy was last checked.

content/en/docs/control-center/security/software-composition/scoring-criteria.md

@@ -3,7 +3,7 @@ title: "Scoring Criteria Tab"
 linktitle: "Scoring Criteria Tab"
 url: /control-center/scoring-criteria-tab/
 description: "Describes the Scoring Criteria tab on the Software Composition page of the Mendix Control Center."
-weight: 3
+weight: 4
 ---
 
 ## Introduction

content/en/docs/deployment/general/software-composition.md

@@ -83,6 +83,7 @@ The list contains the following information:
 * **Runtime** — The Mendix Runtime version.
 * **Findings** — The number of findings of each type, color-coded according to severity level.    
   {{% alert color="warning" %}}Findings are calculated for all software packages that are built. However, if a package is not deployed, we will stop updating its findings after 30 days. These findings will be grayed out and displayed as 0.{{% /alert %}}
+* **Policy Status** – The number of policies that the app violates. For details on each policy, click this line item, then go to the [Policy Status tab](#policy-status) of the app.
 * **Version** — The version of the deployment package on this app environment.
 * **Technical Contact** — The Technical Contact of the app.
 * **Target Cloud** —  The type of cloud where the deployment package is deployed. Currently, the following types of cloud are supported:
@@ -116,6 +117,32 @@ The page is divided into two tabs: **Findings** and **Component Usage**. For det
 * [Findings](/control-center/overview-tab/#overview-findings)
 * [Component Usage](/control-center/overview-tab/#overviw-component-usage)
 
+### Policy Status {#policy-status}
+
+The **Policy Status** tab at the deployment package level displays a list of the policies that the specific package violates, with the following information for each:
+
+* **Status** – The status of the violation.
+* **Policy Name** – The name of the violated policy.
+* **View Details** – Details about the violated policy:
+
+    * **Policy ID** – The unique ID of the policy.
+    * **Policy Name** – The name of the policy.
+    * **Description** – A short description of the policy, which includes the reason why it is violated.
+    * **Status** – Whether the policy is active or not.
+    * **Scope** – The apps that the policy applies to.
+    * **Created by** – The unique ID of the user who created the policy.
+    * **Created on** – The date when the policy was created.
+    * **Last modified by** – The unique ID of the user who most recently updated the policy.
+    * **Last modified on** – The date when the policy was most recently updated.
+    * **Failure Condition(s)** – The conditions under which the policy is considered violated.
+    * **Checkpoints & Action(s)** – The trigger which causes the policy to be checked, and the action that is taken if the policy is violated.
+
+* Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
+
+You can search a policy by its name, and export all information on this tab to an Excel file.
+
+For details on defining policies, refer to [Policies](/control-center/policies/).
+
 ## Components {#all-components}
 
 The **Components** tab gives an overview of all the unique components deployed in all the combined app environments. 
@@ -221,3 +248,14 @@ The component usage list contains the following information:
 * **Version** — The version of the impacted deployment package.
 * **Target Cloud** — The type of cloud where the deployment package is deployed.
 * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
+
+## Policy Status
+
+The **Policy Status** tab lists the policies that apply to all the deployment packages of the app, along with the number of times each policy was violated. Clicking a policy name opens the list of all app artifacts and environments which violated that specific policy, with the following details:
+
+* **Status** – The type of violation.
+* **Package Name** – The name of the package which violated the policy.
+* **Environment Name** – If applicable, the name of the environment where the violating app package is deployed.
+* **Runtime** – The runtime version of the deployment package.
+* **Target Cloud** — The type of cloud where the deployment package is deployed.
+* **Last Checked On** – The date when the policy was last checked.

content/en/docs/releasenotes/control-center/2026.md

@@ -7,6 +7,14 @@ weight: 1
 numberless_headings: true
 ---
 
+## June 2026
+
+### June xx, 2026
+
+#### New Features
+
+* You can now define and enforce policies to ensure your app landscape is secure, compliant, and consistent. The new **Policies** page, currently in beta, in Control Center allows you to create policies that check for conditions like finding severity, Mendix runtime version, and Marketplace component licenses and support types. Policy violations are automatically detected and reported in Software Composition. For details, refer to [Policies](/control-center/policies/), [Policy Status](/control-center/policy-status/), and [Software Composition](/developerportal/deploy/software-composition/).
+
 ## May 2026
 
 ### May 12, 2026

content/en/docs/releasenotes/deployment/mendix-cloud/2026.md

@@ -5,6 +5,15 @@ url: /releasenotes/developer-portal/mendix-cloud/2026/
 description: "2026 Release notes for Mendix Cloud"
 weight: 1
 ---
+
+## June 2026
+
+### June xx, 2026
+
+#### New Features
+
+* You can now view and take action on policy violations, which are automatically detected and reported in Software Composition. Policies are defined in Control Center, allowing you to check for conditions like finding severity, Mendix runtime version, and Marketplace component licenses and support types. For details, refer to [Policies](/control-center/policies/), [Policy Status](/control-center/policy-status/), and [Software Composition](/developerportal/deploy/software-composition/).
+
 ## April 2026
 
 ### April 26, 2026