stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
55464f84984ae579eca18456874ba5ccac6ccf29
git.stella-ops.org/docs/examples/policies/serverless.yaml
root 68da90a11a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Restructure solution layout by module
2025-10-28 15:10:40 +02:00

42 lines
983 B
YAML
Raw Blame History

version: "1.0"
metadata:
description: Strict policy for serverless workloads
tags:
- serverless
- prod
- strict
exceptions:
effects:
- id: suppress-canary
name: Canary Freeze
effect: suppress
routingTemplate: secops-approvers
maxDurationDays: 14
routingTemplates:
- id: secops-approvers
authorityRouteId: governance.secops
requireMfa: true
rules:
- name: Block High And Above
severity: [High, Critical]
action: block
- name: Forbid Unpinned Base Images
tags: [image:latest-tag]
action: block
- name: Require Trusted VEX
action:
type: require_vex
requireVex:
vendors: [VendorX, VendorY]
justifications: [component_not_present]
- name: Quiet Medium Canary
severity: [Medium]
environments: [canary]
action:
type: ignore
until: 2025-12-31T00:00:00Z
justification: "Temporary canary exception"
Reference in New Issue View Git Blame Copy Permalink