Security Policies
Create custom security rules for your organization.
Create a Policy
Initialize a policy file:
alprina policy init

This creates ~/.alprina/policy.yml:
policy.yml
version: "1.0"
name: "My Security Policy"

# Allowed domains for remote scans
domains:
  allow:
    - "github.com"
    - "gitlab.com"
  block:
    - "*.suspicious-domain.com"

# Lowest severity that fails the scan
fail_on: "high"  # low, medium, high, critical

# Custom rules
rules:
  - name: "No hardcoded secrets"
    type: "secret_detection"
    severity: "critical"
    enabled: true

  - name: "SQL injection check"
    type: "sql_injection"
    severity: "high"
    enabled: true

  - name: "XSS detection"
    type: "xss"
    severity: "high"
    enabled: true

# File exclusions
exclude:
  - "node_modules/**"
  - "**/*.test.js"
  - ".git/**"

Test a Policy
Test policy rules:
alprina policy test https://example.com

Policy Examples
Strict Policy
strict-policy.yml
version: "1.0"
name: "Strict Security Policy"
fail_on: "medium"

rules:
  - name: "No secrets"
    type: "secret_detection"
    severity: "critical"

  - name: "No eval()"
    type: "code_injection"
    severity: "critical"

  - name: "Require authentication"
    type: "auth_check"
    severity: "high"

Development Policy
dev-policy.yml
version: "1.0"
name: "Development Policy"
fail_on: "critical"

rules:
  - name: "Critical vulnerabilities only"
    type: "all"
    severity: "critical"

exclude:
  - "tests/**"
  - "**/*.spec.js"

Use Custom Policy
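Whichever of these files you hand to --policy, it helps to be precise about what the keys mean before wiring a scan into CI: findings only count if a rule of their type is enabled, excluded paths are dropped, the scan fails once a surviving finding reaches fail_on, and a remote target is checked against the domain lists first. The script below is an added example written for this page, not Alprina's own code. It assumes the semantics the keys suggest: fail_on is a threshold, `block` wins over `allow` and a present `allow` list refuses hosts it does not match, exclude entries are gitignore-style globs, and a rule of type "all" (as in the development policy) applies to every finding type. The policy is embedded as the dict a YAML loader would return, and the findings are constructed for the example.

```python
"""Evaluator for policy files shaped like the examples on this page.

Added example, not Alprina's own code. Assumed semantics: fail_on is a
threshold (a reported finding at that severity or above fails the scan),
`block` beats `allow` and a present `allow` list refuses unmatched hosts,
exclude entries are gitignore-style globs, and a rule of type "all" (see
the development policy) applies to every finding type. No PyYAML: the
policy is written out as the dict yaml.safe_load would return.
"""
from fnmatch import fnmatchcase

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# The page's ~/.alprina/policy.yml as parsed YAML (constructed for this example).
POLICY = {
    "version": "1.0",
    "name": "My Security Policy",
    "domains": {"allow": ["github.com", "gitlab.com"],
                "block": ["*.suspicious-domain.com"]},
    "fail_on": "high",
    "rules": [
        {"name": "No hardcoded secrets", "type": "secret_detection",
         "severity": "critical", "enabled": True},
        {"name": "SQL injection check", "type": "sql_injection",
         "severity": "high", "enabled": True},
        {"name": "XSS detection", "type": "xss",
         "severity": "high", "enabled": True},
    ],
    "exclude": ["node_modules/**", "**/*.test.js", ".git/**"],
}


def validate_policy(policy):
    """Return a list of problems; an empty list means the policy is well-formed."""
    problems = []
    if policy.get("version") != "1.0":
        problems.append("unsupported version %r" % policy.get("version"))
    if policy.get("fail_on") not in SEVERITY_ORDER:
        problems.append("fail_on must be one of low, medium, high, critical")
    for rule in policy.get("rules", []):
        if not rule.get("type"):
            problems.append("rule %r has no type" % rule.get("name"))
        if rule.get("severity") not in SEVERITY_ORDER:
            problems.append("rule %r has an invalid severity" % rule.get("name"))
    return problems


def host_allowed(policy, host):
    """May a remote scan contact this host? Block beats allow; allow is deny-by-default."""
    host = host.lower().rstrip(".")
    domains = policy.get("domains", {})
    if any(fnmatchcase(host, p.lower()) for p in domains.get("block", [])):
        return False
    allow = domains.get("allow")
    if allow is None:  # no allow list at all: anything not blocked is fine
        return True
    return any(fnmatchcase(host, p.lower()) for p in allow)


def path_excluded(policy, path):
    """gitignore-style exclusion; fnmatch's '*' crosses '/', so '**' behaves as expected."""
    path = path.replace("\\", "/")
    if path.startswith("./"):
        path = path[2:]
    for pattern in policy.get("exclude", []):
        candidates = [pattern]
        if pattern.startswith("**/"):  # '**/x' must also match a root-level 'x'
            candidates.append(pattern[3:])
        if any(fnmatchcase(path, c) for c in candidates):
            return True
    return False


def evaluate_findings(policy, findings):
    """Map raw scanner findings (rule_type, path) through the policy.

    Returns (failed, reported): reported holds (rule name, severity, path) for
    findings that survive rule enablement and exclusions; failed is True when
    any surviving finding meets the fail_on threshold.
    """
    threshold = SEVERITY_ORDER[policy["fail_on"]]
    rules = {r["type"]: r for r in policy.get("rules", []) if r.get("enabled", True)}
    reported = []
    for rule_type, path in findings:
        rule = rules.get(rule_type) or rules.get("all")
        if rule is None or path_excluded(policy, path):
            continue
        reported.append((rule["name"], rule["severity"], path))
    failed = any(SEVERITY_ORDER[sev] >= threshold for _, sev, _ in reported)
    return failed, reported


# Constructed findings, as a scanner might emit them before the policy is applied.
SAMPLE_FINDINGS = [
    ("secret_detection", "src/config.js"),
    ("sql_injection", "src/db/users.js"),
    ("xss", "src/app.test.js"),                         # dropped: **/*.test.js
    ("secret_detection", "node_modules/dep/index.js"),  # dropped: node_modules/**
    ("path_traversal", "src/files.js"),                 # dropped: no rule of that type
]

if __name__ == "__main__":
    assert not validate_policy(POLICY)
    failed, reported = evaluate_findings(POLICY, SAMPLE_FINDINGS)
    for name, severity, path in reported:
        print(f"[{severity}] {name}: {path}")
    print("scan", "FAILED" if failed else "passed", "under fail_on =", POLICY["fail_on"])
    for host in ("github.com", "evil.suspicious-domain.com", "suspicious-domain.com"):
        print(host, "->", "allowed" if host_allowed(POLICY, host) else "refused")
```

Two things worth checking in your own policy with this kind of dry run: a glob such as `*.suspicious-domain.com` matches subdomains only, so if block patterns are globs the bare apex `suspicious-domain.com` is not covered unless you list it too; and lowering fail_on without also adjusting which rules are enabled (the development policy does both) changes what fails rather than what is reported.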
alprina scan ./src --policy custom-policy.yml

Next Steps
- Advanced Configuration - Power user features
- CLI Reference - Policy commands
- Troubleshooting - Common issues