Currently we provide the decision on whether to enforce whitelists on company and on project level. Given you select the switch on company level, the decision will be relevant for all projects within the corporate account. Given you remain this switch in the "off" position, you may select on project base whether to enforce the whitelisting.
The latter might make sense, if you host several F&E or trial projects but have pretty strict regulations on the company whitelist.
However, to change the status of the "Whitelist enforcement" feature, you require the Compliance Manager role.
As Compliance Manager you may select the "Corporate black-/whitelist"-Section from the upper right settings menu. This will open the corporate black- and whitelist section.
The switch under the licenses section either shows a grey or a green color. Grey indicates that the corporate list will not be enforced automatically. Green indicates that the listing will be required.
Almost the same handling applies to the project whitelist. To change the setting, select the corresponding project, click "Project Settings" on the project card and the "Black-/Whitelist" tab. There you will find the corresponding selection on project level.
PLEASE NOTE: Switching the "Whitelisting required" will not show any results before the next analysis run will be triggered. Compliance declarations (approvals) from before, will not be affected! Also the turning on or off will not automatically initiate any analysis of existing projects. Despite this, the next analysis will pay respect to the new settings.