- Define specific requirements for each environment (e.g, dev, staging, prod)
- Enforce consistent compliance standards across your deployment pipeline
- Prevent non-compliant artifacts from being deployed (via admission controllers)
Create a Policy
You can create a policy via CLI or via the API. Here is a basic policy that requires provenance and specific attestations:prod-policy.yaml
Once you create a policy, you will be able to see it in the UI under
policies in the left navigation menu.Policy rules
A policy consists of rules which are applied to artifacts in an environment snapshot.Provenance
Whenprovenance is set to required: true, the artifact must be part of a Kosli Flow (i.e., it must have
provenance information).
Trail compliance
Whentrail-compliance is set to required: true, the artifact must be part of a compliant Trail in its Flow.
Specific attestations
Exceptions
You can add exceptions to policy rules using policy expressions.Attaching/Detaching Policies to/from Environments
Once you define your policies, you can attach them to environments via CLI or API:If you detach all attached policies from an environment, the environment compliance state will become Unknown since there are no longer any defined requirements for artifacts running in it. The environment will continue to
track snapshots, but its compliance cannot be evaluated without policies.