Enforcing Policy

Enforce CircleCI behavior with Configuration Policy Manager

DevOps.. The classic struggle of power and control, change and stability, speed and governance.

With CircleCI, consider DevOps solved with our empowered Configuration-as-Code configuration that application teams love now enforced with out Policy Mangement engine to inspect and control any aspect of the software pipeline !

The platform uses Open Policy Agent’s Policy-as-Code to inspect all aspects of config.yml and block or warn the build.

Control Resource Costs
Control Resource “Ownership” (limit to teams, etc)
Enforce staged deployments
Restrict environment permissions
Deprecate or Mandate Images, Orbs, and Executors
Require Code-Scanning, Security, or Governance jobs
Disable SSH access for senstive contexts

Start with the Docs

Our Config Policy Docs should cover all the introductory information needed to get familiar before jumping into specific cases here.

Topics

Policy as Pipeline
Policy Testing
Restrict Resource Class
Restrict Unverified Orbs
Restrict Environment Access
Restricting A Full Config File
Restricting Common Config File Keys
Restricting Credential Access by Project