docs: Update policy documentation (#194)
- Brought policy to the top level of the side nav as it seems like a prominent feature at this point
- The previous documentation was focused on developing custom policies, so I consolidated that
- I created a page for usage and a page for management of policies

---------

Co-authored-by: Charles Coggins <[email protected]>
Co-authored-by: Jana Sheehan <[email protected]>
1 parent ab10664, commit cd07331. Showing 12 changed files with 211 additions and 187 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,7 @@ | ||
# Policy | ||
|
||
Phylum's custom policy support allows you to take control over the allow/block decision for dependencies being added to a Phylum project. | ||
Phylum uses a policy framework implemented with [Open Policy Agent] to evaluate dependencies and provide tailored results. A default set of Phylum-provided policies will be applied to all newly created groups/projects. Phylum PRO users may customize their resultant policy by toggling policies on/off in the Phylum UI. | ||
|
||
## How it works | ||
|
||
When a developer introduces dependency changes, either in a pull request when using one of the source control server integrations or when using Phylum's CLI extensions, a simple policy is applied to determine whether or not that change should be allowed. This policy is implemented using [Open Policy Agent]. | ||
|
||
Phylum PRO users may specify custom policies for their projects, automating their threat model for risk decisions. | ||
Phylum PRO users may also [develop custom policies](./policy_development.md) using the [rego query language](https://www.openpolicyagent.org/docs/latest/policy-language/) and apply those policies to their groups/projects. | ||
|
||
[Open Policy Agent]: https://www.openpolicyagent.org/ |
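Review bot: the link `[develop custom policies](./policy_development.md)` in the last paragraph needs checking against the files this commit deletes: three files are shown as deleted further down and the commit message says the development-focused documentation was consolidated, so if policy_development.md is one of them the new Policy landing page ships with a dead link. Two wording points in the same hunk: the intro says the default Phylum-provided policies are applied to "all newly created groups/projects" without saying whether existing groups and projects receive them, and the "How it works" paragraph still says "a simple policy is applied" in the singular, which no longer matches the "default set" and "resultant policy" language above it. Suggest stating the behaviour for existing groups/projects and rewording the singular to "the resultant policy for the group or project is evaluated".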
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Policy Management | ||
|
||
## Add custom policy | ||
|
||
Phylum allows group administrators to upload and apply custom policies. Whether added via the project or group view, these policies are stored at the group level and available to all projects in the group. | ||
|
||
![Project custom policy button](../../assets/project_custom_policy_button.png) | ||
|
||
The Phylum UI uses the metadata at the top of the policy file (rego) to display a `title` and `description` for the policy list, so this data is highly recommended. | ||
|
||
## Remove custom policy | ||
|
||
Removal of a custom policy requires the policy to be inactive on all projects. Removal is a destructive action and can only be performed by a group administrator. Phylum-provided policies cannot be removed from the available list. To remove a custom policy from the group, use the trash can icon on the policy tab of the group details view. | ||
|
||
![Remove custom policy](../../assets/remove_custom_policy.png) |
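Review bot: "Add custom policy" says the UI reads a `title` and `description` from "the metadata at the top of the policy file (rego)" but never shows what that metadata looks like, so a reader cannot produce a file the UI will label correctly; a short snippet of the expected header belongs here, since the development page this used to point at has been consolidated. The lifecycle is also incomplete: the page documents only add and remove, and removal requires the policy to be inactive on all projects, so state whether an uploaded policy can be updated in place or whether changing its logic means deactivating it on every project, removing it and re-uploading. That is exactly the path a group administrator takes when a custom policy is wrongly blocking dependency changes, and it should be explicit.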
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Policy Usage | ||
|
||
The Phylum policy framework allows you to overlay your threat model and block packages by surfacing issues for packages that violate the defined policy. | ||
|
||
## Group Policy | ||
|
||
Policies applied at the group level will be inherited by all projects belonging to the group. Only a group administrator can add, remove, enable, and disable group policies. | ||
|
||
Group administrators may activate/deactivate group policies by selecting the `Policy` tab in the Group detail view. Use the toggles to activate or deactivate a policy from applying to all of the projects in that group. | ||
|
||
![Group policy tab](../../assets/group_policy_tab.png) | ||
|
||
## Project Policy | ||
|
||
Project policies can be applied to individual projects (in addition to any inherited group policies). This allows you to further customize the resultant policy for a specific project. | ||
|
||
> ⚠️ **INFO** ⚠️ | ||
> | ||
> Inherited group policies cannot be deactivated at the project level. | ||
Group members may activate/deactivate project policies by selecting the `Policy` tab in the Project Details view. Use the toggles to activate or deactivate a policy from applying to that specific project. | ||
|
||
![Project policy tab](../../assets/project_policy_tab.png) |
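Review bot: there is no blank line between `> Inherited group policies cannot be deactivated at the project level.` and the following `Group members may activate/deactivate project policies ...` line, so under CommonMark that paragraph is a lazy continuation and renders inside the callout; insert a blank line after the blockquote. The callout itself pairs a ⚠️ icon with an **INFO** label, which is mixed messaging; either call it a warning or drop the icons. Finally, the permission model differs between the two sections and should be stated deliberately: "Only a group administrator can add, remove, enable, and disable group policies", while this section says group members may activate/deactivate project policies, and the custom policies uploaded at group level are available to every project in the group. Since toggling a policy changes the allow/block outcome for that project, confirm that any group member is meant to be able to do this and say so explicitly.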