Create Custom Rules and Policies

To boost security, ensure compliance, and customize Spotter to meet your unique requirements, you can create custom rules to enforce regulations, establish playbook standards, define modules and collections, enforce naming conventions, limit required values on specific modules, and much more. Watch DEMO .

Write Custom Rules

Spotter uses Open Policy Agent (OPA) to define Custom rules. These rules are written in a human-readable format using the Rego language. You don’t need to know any programming language to write them, you just need to understand how to write Rego files.

To create a rule, write it in .rego format and define the task, region and message. Remember that each custom policy should contain a subcode that identifies specific rules.

Set the Rules

In the Spotter app , navigate to the Custom rules section. Choose if the rule should apply to the entire organization or just a specific project, click Set Policies, upload your file, and your custom rule is instantly applied for all users.

If you prefer the command line, you can also set custom rules using the CLI. Run the following command:

$ spotter policies set policy.rego 

By default, this applies the rule organization-wide. If you want to apply it to a specific project, simply add the project ID:

$ spotter policies set --project-id <project-id> policy.rego 

You can upload more policies at once by using $ spotter policies set <foldername>/

Clearing Policies

To remove a custom policy, you can either click Clear Policies in the Spotter App or use the CLI with the following command:

$ spotter policies clear