You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support updating a policy file based on aqua.yaml.
Add packages used in aqua.yaml to a policy file.
Why is the feature needed?
To improve the security.
To prevent malicious packages from being used in CI, we should manage the whitelist of packages by policy file.
But it's bothersome to manage a policy file and update it every time we start using a new package.
So it's useful to add a command updating a policy file based on aqua.yaml.
Workaround
Maintain a policy file manually.
This is bothersome.
Example Code
$ aqua policy update aqua-policy.yaml aqua.yaml foo/aqua.yaml ...
Feature Overview
Support updating a policy file based on aqua.yaml.
Add packages used in aqua.yaml to a policy file.
Why is the feature needed?
To improve the security.
To prevent malicious packages from being used in CI, we should manage the whitelist of packages by policy file.
But it's bothersome to manage a policy file and update it every time we start using a new package.
So it's useful to add a command updating a policy file based on aqua.yaml.
Workaround
Maintain a policy file manually.
This is bothersome.
Example Code
$ aqua policy update aqua-policy.yaml aqua.yaml foo/aqua.yaml ...
aqua-policy.yaml is updated based on aqua.yaml.
Note
https://aquaproj.github.io/docs/reference/security/policy-as-code/
To prevent aqua-policy.yaml from being tampered in CI, you should manage aqua-policy.yaml on the default branch and synchronize it in CI.
https://github.com/suzuki-shunsuke/simple-sync-action
The text was updated successfully, but these errors were encountered: