How to Prevent the Use of Deprecated or Outdated Packages in Development
Use Case:
A DevOps team wants to ensure developers use actively maintained and secure package versions, and prevent reliance on outdated or unsupported dependencies.
Workflow Steps:
- Create a Package Age Policy
  - Go to Application > Curation > Policies and create a new policy: Enforce Up-to-Date Dependencies.
  - Under Policy Scope, apply the policy to all curated repositories.
- Define an Operational Condition
  - Select a condition that prevents outdated package usage:
    - Package Version is Aged (No Newer Version Identified): Blocks package versions older than 2 years when no newer version exists (likely unmaintained).
    - Package Version is Aged (New Version Available): Blocks package versions more than 180 days older than the latest available version.
    - Package Version is Immature: Blocks newly released versions until they reach a defined minimum age (to avoid unstable releases).
- Select an Action & Notifications
  - Choose Block to enforce the restriction.
  - Enable Email notifications to alert the requester and DevOps team when a package is blocked.
- Validate Package Version Control
  - Attempt to install an outdated or restricted package version.
  - Confirm the request is blocked and an explanatory alert is shown.
  - Review package metadata and enforcement details in Audit Events.
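
The three operational conditions above come down to date comparisons on release metadata. The following Python example is added here for illustration and is not the product's own code; it reports which conditions a requested version would match, which helps when predicting what the validation step should block. The package names and dates are constructed, the 14-day immature threshold is an assumption (the page leaves the minimum age open), and "latest" is assumed to mean the most recently released version.

```python
from datetime import date, timedelta

# The first two thresholds come from the policy conditions described above.
AGED_NO_NEWER = timedelta(days=2 * 365)      # "older than 2 years"
AGED_NEWER_AVAILABLE = timedelta(days=180)   # "more than 180 days older"
# Assumption: the page leaves the minimum age open; 14 days is illustrative.
IMMATURE_MIN_AGE = timedelta(days=14)

def evaluate(requested, releases, today, min_age=IMMATURE_MIN_AGE):
    """Return the condition names the requested version matches.

    releases maps version -> release date for a single package.
    Assumption: the latest version is the one with the newest release date.
    """
    released = releases[requested]
    latest = max(releases, key=releases.get)
    matched = []
    if requested == latest:
        # Nothing newer exists: a very old latest release suggests abandonment.
        if today - released > AGED_NO_NEWER:
            matched.append("aged_no_newer_version")
    elif releases[latest] - released > AGED_NEWER_AVAILABLE:
        # A newer release exists and the requested one lags too far behind it.
        matched.append("aged_new_version_available")
    if today - released < min_age:
        # Too fresh: hold back until the release has had time to be vetted.
        matched.append("immature")
    return matched

# Constructed sample metadata (hypothetical packages and dates).
TODAY = date(2025, 6, 1)
SAMPLE = {
    "left-lib": {"1.0.0": date(2021, 3, 10)},
    "mid-lib": {
        "2.0.0": date(2024, 1, 15),
        "2.4.0": date(2025, 2, 1),
        "2.5.0": date(2025, 5, 28),
    },
}

if __name__ == "__main__":
    for name, releases in SAMPLE.items():
        for version in releases:
            hits = evaluate(version, releases, TODAY)
            print(f"{name}@{version}: {hits or 'no condition matched'}")
```

A version that is 116 days behind the latest release (mid-lib 2.4.0 in the sample) matches none of the conditions, so an age policy alone would still allow it.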
