Hi,
When I run the guardrails score on, say, Application XYZ:01.01.01, it also shows a compliance warning for the higher application version XYZ:01.02.01. May I know why Pega is showing a warning for the higher application version as well?
Hi @AnandP17019846.
Compliance checks in Pega Guardrails are evaluated against the entire application stack. This means that even if a specific component or feature is only present in a higher version of the application, it will still be evaluated against the lower version.
This is because compliance checks are designed to ensure that the entire application stack is compliant with the selected standard. If a higher version of the application is found to be non-compliant, it could potentially pose a risk to the lower version as well.
For example, let’s say that Application XYZ:01.01.01 is compliant with a specific standard. However, Application XYZ:01.02.01 contains a new feature that introduces a security vulnerability. In this case, Pega Guardrails would issue a compliance warning for Application XYZ:01.01.01, even though the vulnerability is only present in the higher version.
This is because the vulnerability could potentially be exploited in the lower version if the user upgraded to the higher version in the future. By issuing a compliance warning for the lower version, Pega Guardrails is helping to ensure that the entire application stack is compliant with the selected standard.
I hope it helps.
Thanks
Megha