This topic explains how to create Assurance Policies to determine the compliance of code repositories and perform other operations relating to them.

View Assurance Policies

To view the Assurance Policies:

  1. In the Supply Chain Security module, from the left menu, click Assurance Policies. A list of all existing Assurance Policies is shown.
  2. Click the name of the policy to open the policy for review or editing.

Create an Assurance Policy

  1. At the top right side of the Assurance Policies page, click Create Policy.
  2. Enter the name of the policy. Upper and lowercase letters, digits, dashes, and underscores are allowed.
  3. (Optional) Enter a description of the policy.
  4. Select either Fail PRs or Fail Builds to fail the PRs or builds, respectively, if the code repository used for them is not compliant with the Assurance Policy. Audit Message cannot be disabled, because Aqua always logs an audit event if the code repository is not compliant with the policy.
  5. To add scope, select the resource type, property, and value, and then click Add. You can add multiple scope terms as required. For more information on the scope definition, refer to Assurance Policies.
  6. (Optional) If you select either Fail PRs or Fail Builds, click + Set start failing date to specify the number of days after the PRs or builds are created before they are failed for non-compliance with the policy. If you do not set the scheduler, the policy will automatically fail PRs or builds immediately after they are created.
  7. In the Controls section, click controls in the list in the left pane to include them in the policy. For more information on the controls, refer to Assurance Policies.
  8. Click Save.

Disable Assurance Policies

When you create a policy, it is enabled by default. On the Assurance Policies page, you can disable specific Assurance Policies by selecting the Enabled toggle for those policies.

Modify an Assurance Policy

  1. In the Assurance Policies page, select a policy from the list.
  2. Make changes to the policy definition, as necessary. To remove a control that is included in a policy, click the X next to it.
  3. Click Save.

Delete Assurance Policies

You can delete any or all Assurance Policies. To delete a policy, check the box next to the policy or policies to be deleted, and then click the Delete button.

Export Assurance Policies

Exporting and importing Assurance Policies is especially useful for distributing policies from one Aqua environment to another. One or more Assurance Policies can be exported to a JSON file.

To export Assurance Policies, select the box next to the policy (or policies) that you want to export (or check the box next to the Name column to select all policies), and then click the Export button. The selected policies will be exported to a JSON file with a standard file name (which you may want to rename).

Import Assurance Policies

To import all the Assurance Policies from a JSON file (produced per the Export instructions above):

  1. On the Assurance Policies page, click the Import button at the top right of the page. The Import Assurance Policies dialog appears.
  2. In the Import Assurance Policies dialog, click the Attachment icon.
  3. Browse to the JSON file on your machine that contains the policy (or policies) that you want to import.
  4. If you do not want the import to replace the existing Assurance Policies with the same name, select Do not replace existing policies.
  5. Click Import.