
support a way to explicitly disable policies in a group

Open migmartri opened this issue 3 weeks ago • 4 comments

Currently, when you reference a policy group, all the policies inside are created. My proposal is to have an attribute in the attachment of the policy groups in the contract that allows you to explicitly disable policies you want to skip.

For example, having this contract that runs all the policies in the quality group:

```yaml
apiVersion: chainloop.dev/v1
kind: Contract
metadata:
  name: example-contract
spec:
  policyGroups:
    - ref: file://groups/sbom-quality-group.yaml
      with:
        bannedComponents: [email protected]
```

We could have:

```yaml
apiVersion: chainloop.dev/v1
kind: Contract
metadata:
  name: example-contract
spec:
  policyGroups:
    - ref: file://groups/sbom-quality-group.yaml
      with:
        bannedComponents: [email protected]
        bannedLicenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later
      skip:
        - sbom-present
        - my-other-policy
```

migmartri, Nov 16 '25 21:11