Create Custom Policies

To boost security, ensure compliance, and customize Spotter to meet your unique requirements, you can create custom policies to enforce regulations, establish playbook standards, define modules and collections, enforce naming conventions, limit required values on specific modules, and much more. Watch DEMO .

Write Custom Policies

Spotter uses Open Policy Agent (OPA) to define Custom policies. These policies are written in a human-readable format using the Rego language. You don’t need to know any programming language to write them, you just need to understand how to write Rego files.

To create a policy, write it in .rego format and define the task, region and message. Remember that each custom policy should contain a subcode that identifies specific policies.

Set the Policies

In the Spotter app , navigate to the Custom policies section. Choose if the policy should apply to the entire organization or just a specific project, click Set Policies, upload your file, and your custom policy is instantly applied for all users.

If you prefer the command line, you can also set custom policies using the CLI. Run the following command:

$ spotter policies set policy.rego

By default, this applies the policy organization-wide. If you want to apply it to a specific project, simply add the project ID:

$ spotter policies set --project-id <project-id> policy.rego 

You can upload more policies at once by using $ spotter policies set <foldername>/

Clearing Policies

To remove a custom policy, you can either click Clear Policies in the Spotter App or use the CLI with the following command:

$ spotter policies clear