sbom-diff-and-risk identifies the serialized policy contract with:
policy_schema: sbom-diff-risk.policy.v1The separate integer version remains the policy capability level: 1 for
local rules, 2 for provenance-aware rules, and 3 for optional
Scorecard-aware rules. Keeping these concepts separate lets the serialized
contract evolve without relabeling existing rule capability levels.
The schema is intentionally conservative and fail-closed:
- unknown rule ids are rejected
- unknown top-level keys are rejected
- unknown
policy_schemavalues are rejected - invalid types are rejected
- policies that omit
policy_schemaremain readable as v1.0-compatible input - normalized policy output always records
sbom-diff-risk.policy.v1 - version
1remains the v0.2-compatible schema and existing v0.2 policies continue to work unchanged - version
2adds provenance-aware gating for explicit PyPI enrichment evidence - version
3adds optional Scorecard-aware gating for explicitly requested Scorecard enrichment
policy_schema: sbom-diff-risk.policy.v1version: 1block_on: [rule_id, ...]warn_on: [rule_id, ...]max_added_packages: intallow_sources: [host, ...]ignore_rules: [rule_id, ...]
new_packagemajor_upgradeversion_change_unclassifiedunknown_licensesuspicious_sourcestale_packagemax_added_packagesallow_sources
Version 2 supports every version 1 field plus:
require_attestations_for_new_packages: boolrequire_provenance_for_suspicious_sources: boolallow_unattested_packages: [package_name, ...]allow_provenance_publishers: [publisher_kind, ...]allow_unattested_publishers: [publisher_kind, ...]as an accepted compatibility alias forallow_provenance_publishers
allow_provenance_publishers is the canonical publisher override field. The
parser also accepts allow_unattested_publishers as an alias when teams want a
more explicit override-style name in review. Neither field treats missing
attestations as trusted; they only constrain which attested publisher kinds
count as verified provenance.
Version 2 supports every version 1 rule id plus:
missing_attestationunverified_provenanceprovenance_unavailableprovenance_required
Version 3 supports every version 1 and 2 field plus:
minimum_scorecard_score: float
minimum_scorecard_score is advisory by itself. It only affects policy outcomes
when you also opt into the scorecard_below_threshold rule through block_on,
warn_on, or ignore_rules.
Version 3 supports every version 1 and 2 rule id plus:
scorecard_below_threshold
block_onturns matching rule ids into blocking violations.warn_onturns matching rule ids into warnings.- If a rule is present in both
block_onandwarn_on, block wins. max_added_packagesenforces a deterministic threshold on the added component count.allow_sourcesenforces exact host matches againstsource_urlhosts for added and changed components.ignore_rulessuppresses matching rule ids entirely.missing_attestationmeans PyPI release metadata was fetched successfully but no attestations were present.provenance_unavailablemeans the run did not have usable provenance evidence for that package, for example because enrichment was disabled, unsupported, or failed.unverified_provenancemeans attestations were present, but the provenance could not be verified against publisher metadata.provenance_requiredis a policy-only rule emitted when an explicit provenance requirement was not satisfied.require_attestations_for_new_packagesapplies only to added PyPI packages.require_provenance_for_suspicious_sourcesapplies only when the component also triggeredsuspicious_source.allow_unattested_packagesis a narrow package-name override for explicit missing-attestation exceptions only.allow_unattested_packagesdoes not waiveprovenance_unavailableorunverified_provenance; those remain separate, reviewable policy decisions.allow_provenance_publishersandallow_unattested_publishersapply only when attestations exist and publisher kinds are available to verify.- when enrichment is disabled, deterministic local mode is unchanged unless a provenance-aware policy explicitly turns unavailable evidence into a warning or block.
minimum_scorecard_scoredoes not create alerts or blocks on its own; it only becomes enforceable whenscorecard_below_thresholdis configured explicitly.- Scorecard evidence remains an auxiliary trust signal. A high score is not proof of safety, and missing Scorecard data is not proof of risk.
For the JSON policy finding explanation fields emitted after policy evaluation, see policy-decision-explainability.md.
policy_schema: sbom-diff-risk.policy.v1
version: 1
block_on:
- unknown_license
- stale_package
warn_on:
- new_package
max_added_packages: 2
allow_sources:
- pypi.org
- files.pythonhosted.org
ignore_rules:
- major_upgradepolicy_schema: sbom-diff-risk.policy.v1
version: 2
block_on:
- provenance_required
- provenance_unavailable
warn_on:
- missing_attestation
require_attestations_for_new_packages: true
require_provenance_for_suspicious_sources: true
allow_unattested_packages:
- pip
allow_unattested_publishers:
- github actionspolicy_schema: sbom-diff-risk.policy.v1
version: 3
warn_on:
- scorecard_below_threshold
minimum_scorecard_score: 7.0