2 changes: 1 addition & 1 deletion docs/examples/policies/chainloop-commit.yaml
Expand Up @@ -57,7 +57,7 @@ spec:
msg := "missing commit in attestation material"
}

has_commit {
has_commit if {
some sub in input.subject
sub.name == "git.head"
sub.digest.sha1
5 changes: 2 additions & 3 deletions docs/examples/policies/chainloop-qa.yaml
Expand Up @@ -61,9 +61,8 @@ spec:
msg:= "Container image is not approved"
}

is_approved {
is_approved if {
input.predicate.annotations.approval == "true"
some material in input.predicate.materials
material.annotations["chainloop.material.type"] == "CONTAINER_IMAGE"

input.predicate.annotations.approval == "true"
}
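Review bot: `is_approved` reads `input.predicate.annotations.approval`, an annotation on the whole attestation, while the container-image test is made per material, so the rule holds as soon as any `CONTAINER_IMAGE` material is present and says nothing about which image was approved. With several image materials in one attestation, a single annotation covers all of them. If that is the intended meaning for this example, state it in a comment above the rule, for instance `# approval is attestation-wide; it is not bound to a specific image material`. Whether the annotation value can be set freely by whoever produces the attestation is not visible here and would be worth documenting alongside it.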
11 changes: 6 additions & 5 deletions docs/examples/policies/policy-template.rego
Expand Up @@ -30,12 +30,13 @@ skipped := false if valid_input
########################################

# Validates if the input is valid and can be understood by this policy (3)
valid_input if {
# insert code here
}
valid_input := true

# insert code here

# If the input is valid, check for any policy violation here (4)
violations contains msg if {
valid_input
# insert code here
valid_input
}

# insert code here
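Review bot: `valid_input := true` makes the template fail open: a policy copied from it and left unchanged treats every input as valid, so `skipped := false if valid_input` (visible in the hunk header) always applies and input the policy does not understand is reported as evaluated with no violations. This assumes the `:= true` line is the added side, since the page has lost its +/- markers. A comment directly above it would make the placeholder hard to miss, for example `# TODO: replace with a real check of the input shape; while this stays true the policy is never reported as skipped`. Separately, the `violations` rule now appears to hold only `valid_input`, with the "insert code here" marker placed after its closing brace, so `msg` is never bound inside the rule; the marker probably belongs inside the body.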
2 changes: 1 addition & 1 deletion docs/examples/policies/sarif-errors.yaml
Expand Up @@ -58,7 +58,7 @@ spec:
msg := "There are errors in the SARIF report"
}

has_errors {
has_errors if {
some run in input.runs
some result in run.results
result.level == "error"
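Review bot: `result.level == "error"` only matches results that carry an explicit `level` property. In SARIF 2.1.0 a result may omit `level`, in which case its effective level comes from the rule's configuration, so a tool that sets `error` only on the rule descriptor would pass this policy. The rule body continues outside the hunk, so this may be handled further down. If it is not, a comment on the rule such as `# only explicit result.level is checked; levels inherited from the rule's defaultConfiguration are not resolved` would document the limit.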
2 changes: 1 addition & 1 deletion docs/examples/policies/trivy-vulns.yaml
Expand Up @@ -59,7 +59,7 @@ spec:
msg := "CVE report has vulnerabilities with severity MEDIUM or HIGH"
}

has_vulnerabilities {
has_vulnerabilities if {
severities := ["HIGH", "MEDIUM"]
some result in input.Results
some vuln in result.Vulnerabilities
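Review bot: `severities := ["HIGH", "MEDIUM"]` leaves out `CRITICAL`, which Trivy reports as its own severity above HIGH. The comparison itself is outside this hunk, but if it matches `vuln.Severity` against this list, a report whose only findings are CRITICAL produces no violation. Suggest `severities := ["CRITICAL", "HIGH", "MEDIUM"]` and updating the message on the `msg :=` line to name the same set, so the example does not teach a gate that lets the worst findings through.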