Policies

Automate package workflows with rules for your registries

What are Policies?

Policies are rules that are executed before any registry action is applied. Example policy rules include freezing registries (making them read only) and only allowing packages that are scanned and secure.

How to configure Policies

Policies are configured on a per registry level and configurations are not shared between registries. This allows users to tailor registries to different needs.

Configuration is done in the Bytesafe web console, in the Plugins tab for a registry

Policies overview

To enable a policy you require, toggle the selected switch to enabled.

Policy settings

Some policies include additional settings that allow more fine-grained control over how the policies functions. Depending on the plugin, settings can be optional or mandatory. For example the Whitelist and Blacklist policies require definitions.

To access the policy settings, click on the settings link below the toggle switch for the specific policy.


Blacklist policy

Prevents blacklisted packages and package versions from being added to a registry

Block downstream policy

Prevents updates from downstream registries.

Freeze policy

Prevents any changes to the registry contents. The registry will be read-only.

Immutable versions policy

Disallows existing versions of a package to be overwritten by publish/push/pull.

Scanned policy

Only allow packages scanned by the Vulnerability Scanner in a registry

Secure policy

Prevent packages flagged for known vulnerabilities to be added to any registry.

Whitelist policy

Allows only whitelisted packages and package versions to be added to a registry