policy.json
{
  "$schema": "../spec/policy-schema.json",
  "version": "1",
  "description": "Starter trust policy for Cerro Torre",

  "default_action": "deny",

  "signers": {
    "allowed": [
      {
        "key_id": "*",
        "comment": "Trust any signer (permissive, for getting started only; replace the wildcard with specific key IDs before relying on signature checks)"
      }
    ],
    "threshold": 1
  },

  "registries": {
    "allowed": [
      "docker.io/library/*",
      "ghcr.io/*",
      "quay.io/*"
    ],
    "blocked": []
  },

  "suites": {
    "allowed": ["CT-SIG-01", "CT-SIG-02", "CT-SIG-03", "CT-SIG-04"],
    "minimum": "CT-SIG-01"
  },

  "require_attestations": {
    "provenance": false,
    "sbom": false
  }
}