Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
This commit is contained in:
30
docs/examples/policies/serverless.yaml
Normal file
30
docs/examples/policies/serverless.yaml
Normal file
@@ -0,0 +1,30 @@
|
||||
version: "1.0"
|
||||
metadata:
|
||||
description: Strict policy for serverless workloads
|
||||
tags:
|
||||
- serverless
|
||||
- prod
|
||||
- strict
|
||||
rules:
|
||||
- name: Block High And Above
|
||||
severity: [High, Critical]
|
||||
action: block
|
||||
|
||||
- name: Forbid Unpinned Base Images
|
||||
tags: [image:latest-tag]
|
||||
action: block
|
||||
|
||||
- name: Require Trusted VEX
|
||||
action:
|
||||
type: require_vex
|
||||
requireVex:
|
||||
vendors: [VendorX, VendorY]
|
||||
justifications: [component_not_present]
|
||||
|
||||
- name: Quiet Medium Canary
|
||||
severity: [Medium]
|
||||
environments: [canary]
|
||||
action:
|
||||
type: ignore
|
||||
until: 2025-12-31T00:00:00Z
|
||||
justification: "Temporary canary exception"
|
||||
Reference in New Issue
Block a user