Skip to content

feat(vulnerability-policy): add admission control stage#677

Merged
tembleking merged 3 commits intomasterfrom
feat-add-admission-control-vuln-policy
Nov 21, 2025
Merged

feat(vulnerability-policy): add admission control stage#677
tembleking merged 3 commits intomasterfrom
feat-add-admission-control-vuln-policy

Conversation

@tembleking
Copy link
Copy Markdown
Member

@tembleking tembleking commented Nov 5, 2025

This PR adds support for the "admission_control" stage in vulnerability policies.

This includes the addition of two new configurable fields within the configuration block for the "admission_control" stage:

  • failure_action: Defines the action to take when a policy fails (e.g., "reject", "warn").
  • unknown_image_action: Defines the action to take when an image is unknown (e.g., "reject", "rejectAndScan", "warn").

@tembleking
Copy link
Copy Markdown
Member Author

tembleking commented Nov 5, 2025

Blocked until the API is able to ingest the admission_control stage name.

Error: request body has an error: doesn't match schema #/components/schemas/CreatePolicyRequest: Error at "/stages/2/name": value is not one of the allowed values ["runtime","pipeline","registry"]

airadier
airadier previously approved these changes Nov 5, 2025
View reviewed changes
@tembleking tembleking force-pushed the feat-add-admission-control-vuln-policy branch from b397eab to 0541fc6 Compare November 21, 2025 12:47
Jujuyeh
Jujuyeh approved these changes Nov 21, 2025
View reviewed changes
Copy link
Copy Markdown

@Jujuyeh Jujuyeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tembleking tembleking enabled auto-merge (squash) November 21, 2025 14:02
@tembleking tembleking merged commit 9c6e110 into master Nov 21, 2025
22 checks passed
@tembleking tembleking deleted the feat-add-admission-control-vuln-policy branch November 21, 2025 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@airadier airadier airadier approved these changes

@Jujuyeh Jujuyeh Jujuyeh approved these changes

@alecron alecron alecron approved these changes

@mateobur mateobur Awaiting requested review from mateobur

@rosenbloomb-sysdig rosenbloomb-sysdig Awaiting requested review from rosenbloomb-sysdig rosenbloomb-sysdig is a code owner

@ombellare ombellare Awaiting requested review from ombellare ombellare is a code owner

@ivanlysiuk-sysdig ivanlysiuk-sysdig Awaiting requested review from ivanlysiuk-sysdig ivanlysiuk-sysdig is a code owner

@daniel-almeida daniel-almeida Awaiting requested review from daniel-almeida

@jbainbridgesysdig jbainbridgesysdig Awaiting requested review from jbainbridgesysdig jbainbridgesysdig is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tembleking @airadier @Jujuyeh @alecron