Merge pull request #10 from phylum-dev/brad/updates

Add All Crit and Sus IP regos
phylum-dev · Jul 17, 2024 · 6d8db56 · 6d8db56
2 parents 7cdce5e + 146a82a
commit 6d8db56
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 0 deletions.
diff --git a/all_crit_no_vuln.rego b/all_crit_no_vuln.rego
@@ -0,0 +1,17 @@
+# METADATA
+# title: All Critical (except Software Vulnerability)
+# description: |
+#    Blocks Critical issues (except software vulnerabilities)
+package policy.v1
+
+import data.phylum.domain
+import data.phylum.level
+import rego.v1
+
+# METADATA
+# title: Critical issue
+deny contains issue if {
+	some issue in data.issues
+	issue.domain != domain.VULNERABILITY
+	issue.severity == level.CRITICAL
+}
diff --git a/copyleft_license.rego b/copyleft_license.rego
@@ -0,0 +1,14 @@
+# METADATA
+# title: Copyleft license
+# description: |
+#    Block packages that have a copyleft license
+package policy.v1
+
+import rego.v1
+
+# METADATA
+# title: Copyleft license
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "IL0050"
+}
diff --git a/suspicious_ip.rego b/suspicious_ip.rego
@@ -0,0 +1,14 @@
+# METADATA
+# title: Suspicious IP References
+# description: |
+#    Block packages containing suspicious IP addresses
+package policy.v1
+
+import rego.v1
+
+# METADATA
+# title: Suspicious IP reference
+deny contains issue if {
+	some issue in data.issues
+	issue.tag == "CM0001"
+}