Take the complexity out of policy management with new templates

Policy as code is a powerful way to scale security and compliance across modern DevOps pipelines, but writing Rego from scratch is a high barrier to entry. We’ve introduced Policy Templates to provide functional starting points, so you can deploy validated security guardrails without having to write every rule yourself.

What’s new

We’ve added a library of pre-configured Rego templates to Cloudsmith’s policy manager. When creating a new policy, you can now browse and deploy policies for common security and compliance use cases, including:

  • Vulnerability & malware management: Automatically quarantine packages with detected malware or high-severity vulnerabilities when fixes are available.
  • Licensing compliance: Flag packages with copyleft licenses (GPL, LGPL, AGPL, MPL, etc.) to ensure legal compliance.
  • Supply chain guardrails: Use explicit allowlists or blocklists to control exactly which package versions are permitted in your environment.

You can use any template as a baseline and modify the underlying code to fit your specific environment.

Why this matters

While every organization has unique requirements, these templates offer a solid security foundation that anyone can implement on day one. They provide a "Secure by Default" starting point, giving you the full power of a code-based engine without the "blank page" problem.

How to get started

  1. Navigate to your Workspace and select Policies from the primary navigation.
  2. Click the Create New Policy button to launch the creation workflow.
  3. Within the configuration modal, select the Start from a Template option to browse the library.
  4. Once you find a template, select Use Template.

From there, you can review or edit the underlying Rego code to fit your needs before saving the policy.

Creating a new policy using templates

These features are in Early Access. If you’re looking to scale your software supply chain security with custom, code-based guardrails, we’d love to help you get set up. Contact us to get started today.

