Custom Policies

The Deepbits regulation feature helps your organization build software that meets regulatory compliance requirements.
Currently you can create policies and check for license issues in your Docker images or On-premises files.

Policy

A policy contains a name, a condition, and a violation result. Assume your organization is building a web CMS for commercial use. Then a few licenses should be considered high risk to use, such as GNU Lesser General Public License v2.1 or later, since the license requires you to release any code you make under the same copyleft license terms in order to distribute and modify the code.

How to use

Create a policy

Click the "add new policy" button on the Regulations - Policy page.
A new policy requires:

  • Name - A helpful name indicating what the policy is for
  • Operator - Either All or Any. All means every condition under the policy must be met. Any means that if one of the conditions is met, the policy triggers the violation state you set up.
  • Violation - The level of violation to report when the policy's conditions match. Different violation levels indicate how much attention you should pay.

Setup policy condition

A policy can have one or multiple conditions. Each condition requires a few fields.

  • Subject - Which subject you want to enforce. Currently, we support licenses and license groups.
  • Operator - Usually the operator can be "is" or "is not".
  • Value - The content of the condition.

Example: I want none of my resources to contain an AGPL-1.0 license.
The subject should be "license", the operator should be "is not", and the value should be AGPL-1.0.

Choose which resource to enforce on

By default, a policy applies to all your resources, such as On-premises images, AWS ECR images, and On-premises files.

If you want it to apply only to specific resources, change the "Policy Enforced on" section.

Policy evaluation result

A policy is evaluated:

  • When the policy changes. We execute the policy as soon as you modify its content.
  • When a resource gets a new scan result. For example, when you push changes to your AWS ECR image, we rescan the image and evaluate the policy again once the scan result is available.
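To make the All/Any operators, the "is"/"is not" conditions and the AGPL-1.0 example above concrete, here is an added Python model of the evaluation (example code, not Deepbits' own). It assumes a condition states what a resource's detected licenses must satisfy, so "license is not AGPL-1.0" fails, and reports the policy's violation level, when AGPL-1.0 is detected; the license-group table and sample policies are constructed.

```python
# Added illustrative model of the page's policy evaluation; not Deepbits code.
from dataclasses import dataclass
# Constructed license-group table (assumed; Deepbits' real groups may differ).
LICENSE_GROUPS = {
    "strong-copyleft": {"AGPL-1.0", "AGPL-3.0", "GPL-2.0", "GPL-3.0"},
    "weak-copyleft": {"LGPL-2.1-or-later", "MPL-2.0"},
    "permissive": {"MIT", "Apache-2.0", "BSD-3-Clause"},
}

@dataclass(frozen=True)
class Condition:
    subject: str    # "license" or "license group"
    operator: str   # "is" or "is not"
    value: str      # a license id or a group name

@dataclass(frozen=True)
class Policy:
    name: str
    operator: str    # "All" or "Any"
    violation: str   # level reported when the policy triggers, e.g. "high"
    conditions: tuple

def matching_licenses(cond: Condition, found: set) -> set:
    """Detected licenses that fall under the condition's value."""
    if cond.subject == "license":
        return {lic for lic in found if lic == cond.value}
    if cond.subject == "license group":
        return found & LICENSE_GROUPS[cond.value]
    raise ValueError(f"unsupported subject: {cond.subject!r}")

def condition_satisfied(cond: Condition, found: set) -> bool:
    """'is': some detected license matches; 'is not': none does (assumed reading)."""
    hits = matching_licenses(cond, found)
    if cond.operator == "is":
        return bool(hits)
    if cond.operator == "is not":
        return not hits
    raise ValueError(f"unsupported operator: {cond.operator!r}")

def evaluate(policy: Policy, found: set) -> "str | None":
    """Violation level when the resource fails the policy, else None (All/Any)."""
    results = [condition_satisfied(c, found) for c in policy.conditions]
    holds = all(results) if policy.operator == "All" else any(results)
    return None if holds else policy.violation
# Constructed sample policies: the page's AGPL-1.0 example and a stricter CMS rule.
NO_AGPL1 = Policy("No AGPL-1.0", "All", "critical",
                  (Condition("license", "is not", "AGPL-1.0"),))
COMMERCIAL_CMS = Policy("Commercial CMS", "All", "high",
                        (Condition("license group", "is not", "strong-copyleft"),
                         Condition("license", "is not", "LGPL-2.1-or-later")))
```

Running `evaluate(COMMERCIAL_CMS, {"MIT", "LGPL-2.1-or-later"})` returns "high" because the second condition fails, while `evaluate(NO_AGPL1, ...)` on the same scan returns None.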

Regulation dashboard

You can see a regulation summary on every resource detail page (Docker image or On-premises file).
Each summary shows the current violation state, and you can click it to see the execution details.

License

You can view all the licenses and license groups we can detect. Each license has a detail page with a fuller description.