Commit 9313a32

Policy Enforcement
1 parent 48f95cf commit 9313a32

1 file changed

Lines changed: 12 additions & 1 deletion

File tree

docs/roadmap/SBOM_STRATEGY.md

@@ -719,9 +719,20 @@ goenv sbom scan sbom.json --scanner=veracode
719719
- Exit code management for pipeline control
720720
- Severity-based thresholds (critical, high, medium, low)
721721

722+
- ✅ Policy enforcement engine (goenv sbom policy)
723+
- YAML-based policy configuration for automated governance
724+
- Supply chain security rules (local dependencies, vendoring, retracted versions)
725+
- License compliance validation (allowed/denied/required licenses)
726+
- Vulnerability threshold enforcement (max critical/high/medium)
727+
- Dependency restrictions (allowed/blocked patterns with wildcards)
728+
- Metadata requirements (supplier, author, formats)
729+
- Multiple commands: validate, check (strict mode), generate (template), report
730+
- JSON output for CI/CD integration
731+
- Policy auto-detection from common file locations
732+
- Detailed violation reports with remediation guidance
733+
722734
**Planned:**
723735
- Compliance reporting (SOC 2, ISO 27001, SLSA, SSDF)
724-
- Policy enforcement engine with YAML configuration
725736

726737
#### Phase 6: Analytics & Operations
727738
- Batch operations for multiple projects
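Review bot: the new bullet "Policy auto-detection from common file locations" should say which paths are searched and in what precedence, because an auto-detected policy is a trust decision: if `goenv sbom policy check` picks up a policy file from the repository being checked, whoever can push to that repository can also relax the rules it enforces, so this roadmap entry (or the command docs it points to) should recommend that CI pass an explicit, separately controlled policy path. Two smaller documentation gaps in the same block: "Vulnerability threshold enforcement (max critical/high/medium)" omits low, while the scan bullet above it lists "critical, high, medium, low", so state whether low is deliberately excluded; and "check (strict mode)" does not say how strict mode changes the exit code, which the "JSON output for CI/CD integration" bullet and the earlier "Exit code management for pipeline control" bullet both depend on.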
