From 4275b572e6f266ddc398f8c0238c7b97b01b8856 Mon Sep 17 00:00:00 2001
From: Brad
Date: Tue, 16 Jul 2024 20:01:12 -0500
Subject: [PATCH] add new rego files

---
 all_crit_no_vuln.rego | 17 +++++++++++++++++
 suspicious_ip.rego | 14 ++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 all_crit_no_vuln.rego
 create mode 100644 suspicious_ip.rego

diff --git a/all_crit_no_vuln.rego b/all_crit_no_vuln.rego
new file mode 100644
index 0000000..b354975
--- /dev/null
+++ b/all_crit_no_vuln.rego
@@ -0,0 +1,17 @@
+# METADATA
+# title: All Critical (except Software Vulnerability)
+# description: |
+# Blocks Critical issues (except software vulnerabilities)
+package policy.v1
+
+import data.phylum.domain
+import data.phylum.level
+import rego.v1
+
+# METADATA
+# title: Critical issue
+deny contains issue if {
+ some issue in data.issues
+ issue.domain != domain.VULNERABILITY
+ issue.severity == level.CRITICAL
+}
diff --git a/suspicious_ip.rego b/suspicious_ip.rego
new file mode 100644
index 0000000..8529f3a
--- /dev/null
+++ b/suspicious_ip.rego
@@ -0,0 +1,14 @@
+# METADATA
+# title: Suspicious IP References
+# description: |
+# Block packages containing suspicious IP addresses
+package policy.v1
+
+import rego.v1
+
+# METADATA
+# title: Suspicious IP reference
+deny contains issue if {
+ some issue in data.issues
+ issue.tag == "CM0001"
+}
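Review bot: The `deny` rule in all_crit_no_vuln.rego fails open if `data.phylum.domain` or `data.phylum.level` is not loaded next to the policy: an undefined reference such as `domain.VULNERABILITY` makes `issue.domain != domain.VULNERABILITY` undefined, so the rule body matches nothing and `deny` is silently empty instead of raising an error. The same applies to `issue.severity == level.CRITICAL`. Nothing in the commit exercises the rule, so an accidental inversion of the `!=` (blocking only vulnerabilities) would also go unnoticed. I would add an `all_crit_no_vuln_test.rego` in the same package with one test that supplies a critical non-vulnerability issue and a critical vulnerability issue via `with data.issues as ...` (and the `data.phylum.*` constants the rule reads) and asserts that exactly the first appears in `deny`, plus a second test asserting `deny` is empty for a non-critical issue.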
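Review bot: `issue.tag == "CM0001"` in suspicious_ip.rego is an opaque identifier; nothing in the file says what the tag denotes, so a reader cannot confirm it corresponds to the "suspicious IP addresses" named in the title or check it against wherever the tag is defined. Add a comment above the comparison, e.g. `# CM0001: <tag meaning, per the source that defines issue tags — fill in>`. Unlike all_crit_no_vuln.rego, this rule applies no severity filter, so an issue carrying the tag is denied at any severity; if that is intended, say so in the description block, e.g. `# Blocks packages with issue tag CM0001 at any severity`.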