Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@pulumi/policy
Advanced tools
Pulumi Policy SDK
Overview
Define and manage policy for cloud resources deployed through Pulumi.
Policy rules run during pulumi preview and pulumi up, asserting that cloud resource definitions
comply with the policy immediately before they are created or updated. Policies may optionally define
remediations that automatically fix policy violations rather than issue warnings.
During preview, every rule is run on every resource, and policy violations are batched up
into a final report. During the update, the first policy violation will halt the deployment.
Policy violations can have enforcement levels that are advisory, which results in a printed
warning, or mandatory, which results in an error after pulumi preview or pulumi up completes.
The enforcement level remediate is stronger than both and enables automatic remediations.
Getting Started
Please see Get Started with Policy as Code to get started authoring and enforcing policies.
Documentation
For additional documentation, guides, best practices, and FAQs, see Policy as Code.
Examples
Looking for examples? Please refer to the examples repo.
Languages
Policies can be written in TypeScript/JavaScript (Node.js) or Python and can be applied to Pulumi stacks written in any language.
| Language | Status | |
|---|---|---|
 | TypeScript | Stable |
 | JavaScript | Stable |
 | Python | Preview |
 | .NET | Coming Soon |
 | Go | Coming Soon |
FAQs
A framework for writing policy as code
The npm package @pulumi/policy receives a total of 19,854 weekly downloads. As such, @pulumi/policy popularity was classified as popular.
We found that @pulumi/policy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 23 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025