Policy Configuration Reference
Technical rules for thresholding, inheritance, the exemption lifecycle, and policy-evaluation precedence.
Threshold Levels
- Critical: blocks merge by default.
- High: configurable; either block or warn mode.
- Medium/Low: report-only by default unless explicitly escalated.
- Category Overrides: apply stricter handling to selected finding categories; an override can only tighten the severity-based action, never relax it.
Scope And Inheritance
- Org policy defines baseline defaults.
- Repository policy may override only the fields the org policy allows to be overridden; all other fields inherit the org baseline.
- Branch protection rules can require checks independently of the threshold policy, so a check can be mandatory even where the policy would only warn.
- Environment-specific policy applies at deploy/runtime verification stages.
Evaluation Precedence
Controls are listed from highest to lowest precedence; the first applicable control decides the outcome.
- Hard deny category controls (if configured); because these sit above exemptions, a hard-denied category cannot be waived by an exemption
- Active, valid exemptions scoped to finding/repository/branch
- Repository threshold policy
- Organization baseline policy
- Default platform behavior
Exemption Requirements
- Must include owner, justification, and expiry date.
- Must be scoped minimally (finding, repo, branch, or commit).
- Expired exemptions are ignored at evaluation time.
- Every exemption applied to a decision is recorded in the policy decision evidence.
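Worked example of the precedence and exemption rules above, added here for illustration; it is not the platform's own code. The policy shapes, the field names (`actions`, `category_overrides`, `hard_deny_categories`, `overridable_fields`), the `Finding` and `Exemption` records and the sample findings and exemptions are all constructed assumptions; the platform default actions are taken from the Threshold Levels section. It exercises each edge the reference calls out: a hard-denied category with an exemption that is ignored, an expired exemption, a repository trying to relax a non-overridable field, and a category override that tightens a Medium finding.

```python
from dataclasses import dataclass
from datetime import date

# Ordering used to decide whether a category override is "stricter".
STRICTNESS = {"report": 0, "warn": 1, "block": 2}

# Default platform behaviour (lowest precedence). Assumed to match the
# Threshold Levels section: Critical blocks, High warns, Medium/Low report.
PLATFORM_DEFAULT = {"critical": "block", "high": "warn", "medium": "report", "low": "report"}

# Constructed org baseline (assumed shape): escalates High to block, tightens
# one category, hard-denies secrets, and names the fields a repo may override.
ORG_POLICY = {
    "actions": {"high": "block"},
    "category_overrides": {"injection": "block"},
    "hard_deny_categories": {"secrets"},
    "overridable_fields": {"actions.high", "actions.medium"},
}

# Constructed repository policy that tries to relax both High and Critical;
# only the High change is honoured because Critical is not overridable.
REPO_POLICY = {"actions": {"high": "warn", "critical": "warn"}}


@dataclass(frozen=True)
class Finding:
    id: str
    repo: str
    branch: str
    commit: str
    severity: str
    category: str


@dataclass
class Exemption:
    id: str
    owner: str
    justification: str
    expires: date
    scope: dict  # subset of Finding fields, e.g. {"id": "F5", "repo": "payments-api"}


def exemption_applies(ex: Exemption, finding: Finding, today: date) -> bool:
    """An exemption counts only if it is well-formed, unexpired and scoped to this finding."""
    if not (ex.owner and ex.justification):
        return False                         # missing owner/justification: not valid
    if today >= ex.expires:
        return False                         # expired exemptions are ignored
    if not ex.scope:
        return False                         # an unscoped exemption is not minimally scoped
    return all(getattr(finding, k) == v for k, v in ex.scope.items())


def evaluate(finding, repo_policy, org_policy, exemptions, today):
    """Walk the precedence list top-down; the first applicable control decides."""
    # 1. Hard-deny category controls sit above exemptions, so they cannot be waived.
    if finding.category in org_policy.get("hard_deny_categories", ()):
        return {"action": "block", "source": "hard_deny", "exemption": None}
    # 2. Active, valid, in-scope exemptions. The id is kept as decision evidence.
    for ex in exemptions:
        if exemption_applies(ex, finding, today):
            return {"action": "allow", "source": "exemption", "exemption": ex.id}
    # 3. Repository threshold policy, honoured only for overridable fields.
    repo_action = repo_policy.get("actions", {}).get(finding.severity)
    if repo_action and f"actions.{finding.severity}" in org_policy.get("overridable_fields", ()):
        return {"action": repo_action, "source": "repo_policy", "exemption": None}
    # 4/5. Org baseline, falling back to the platform default. A category
    # override may only tighten the severity-based action, never relax it.
    org_actions = org_policy.get("actions", {})
    if finding.severity in org_actions:
        action, source = org_actions[finding.severity], "org_policy"
    else:
        action, source = PLATFORM_DEFAULT[finding.severity], "platform_default"
    override = org_policy.get("category_overrides", {}).get(finding.category)
    if override and STRICTNESS[override] > STRICTNESS[action]:
        action, source = override, "category_override"
    return {"action": action, "source": source, "exemption": None}


def run_example(today=date(2024, 6, 1)):
    """Evaluate a constructed set of findings and exemptions with a fixed clock."""
    repo = "payments-api"
    findings = [
        Finding("F1", repo, "main", "a1b2c3", "critical", "secrets"),          # hard deny
        Finding("F2", repo, "main", "a1b2c3", "high", "xss"),                  # repo relaxes High
        Finding("F3", repo, "main", "a1b2c3", "critical", "deserialization"),  # Critical not overridable
        Finding("F4", repo, "main", "a1b2c3", "medium", "injection"),          # category override tightens
        Finding("F5", repo, "main", "a1b2c3", "high", "xss"),                  # valid exemption
    ]
    exemptions = [
        Exemption("EX-1", "alice", "false positive, sanitised upstream", date(2025, 1, 1), {"id": "F5", "repo": repo}),
        Exemption("EX-2", "bob", "credential already rotated", date(2025, 1, 1), {"id": "F1"}),  # ignored: hard deny
        Exemption("EX-3", "carol", "tracked in backlog", date(2024, 1, 1), {"id": "F2"}),        # ignored: expired
    ]
    return {f.id: evaluate(f, REPO_POLICY, ORG_POLICY, exemptions, today) for f in findings}


if __name__ == "__main__":
    for fid, decision in run_example().items():
        print(fid, decision)
```

Running it shows F1 blocked by the hard-deny control despite EX-2, F2 downgraded to warn by the repository policy once EX-3 is discarded as expired, F3 still blocked because Critical is not an overridable field, F4 escalated from report to block by the category override, and F5 allowed with EX-1 recorded in the decision. Passing `today` explicitly keeps the expiry check deterministic; a real evaluator should take the clock from the pipeline rather than the host.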