Skip to content

How to Assign Policy to a Resource

Applying a custom policy to a resource implies that all rules and actions set to the policy would be inherited for the resource.

1. Types of Resources

There are three (5) types of resources on BoostSecurity, listed below in a hierarchical manner

  • Account - This is the top-level resource. Your BoostSecurity account contains all the organizations, repositories, image registries, and images. All organizations and their corresponding repos and images would inherit any policy to this resource.
  • Organization - This describes the organizations that contain your repos and other artifacts. Policies applied to specific organizations would override any policy applied on the Account level.
  • Repository - Repos are domiciled within organizations. Policies applied to individual repos override any policy on the Account and Organization levels.
  • Image Registry
  • Image

2. Assign Policy

To apply the custom policy to a resource, choose a type of resource, e.g., an Account, so the policy is inherited by default on all organizations and repos. To do this:

  1. Navigate to the Scanner Coverage page.

  2. Select your BoostSecurity Account and click on the Apply Policy button at the top-right corner.

    Select Account + Apply Policy

  3. Select any policy from the dropdown list and click the Apply button.

    Select Organization and Apply Policy

  4. Return to the Scanner Coverage page, and you can see that the selected policy now applies to your account and all organizations under it alongside their repositories.

    Policy Application

You've successfully assigned a policy to a resource. The next time scans run on your selected resources, the configured actions will be executed when the policy rules are triggered.