master
96d52884e8
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
31 lines
666 B
YAML
31 lines
666 B
YAML
version: "1.0"
|
|
metadata:
|
|
description: Strict policy for serverless workloads
|
|
tags:
|
|
- serverless
|
|
- prod
|
|
- strict
|
|
rules:
|
|
- name: Block High And Above
|
|
severity: [High, Critical]
|
|
action: block
|
|
|
|
- name: Forbid Unpinned Base Images
|
|
tags: [image:latest-tag]
|
|
action: block
|
|
|
|
- name: Require Trusted VEX
|
|
action:
|
|
type: require_vex
|
|
requireVex:
|
|
vendors: [VendorX, VendorY]
|
|
justifications: [component_not_present]
|
|
|
|
- name: Quiet Medium Canary
|
|
severity: [Medium]
|
|
environments: [canary]
|
|
action:
|
|
type: ignore
|
|
until: 2025-12-31T00:00:00Z
|
|
justification: "Temporary canary exception"
|