This is a bare-bones 'Infrastructure as Code' (IaC) policies project where the policies are open to the public.
The IaC policies will be verified by Palo Alto Networks (PANW) before they are made publicly available.
To contribute, just add or update the IaC policies and create a PR.
It's a Java Maven project. Go to the iac-policies project root directory and run $ mvn clean install
Yes, you need:
- Java JDK or any other Java 8 version.
- Apache Maven 3
There are respective folders for each template type (cft, tf & k8s) under: src/main/resouces/content/
Please create the PR against the development branch. The development branch is used for development and testing. By default, PRs are raised against the development branch.
Yes, please go here for step-wise documentation on how to write a policy with a rule.
Once the rules are written and added to the respective directory and the build is successful on the local machine, you can go ahead and push your changes to create a PR.
Once the PR is generated, one non-author review approval + health check need to pass for it to be merged to the development branch. Add a reviewer so that your changes get reviewed. Before merging to the development branch, it will be reviewed by the PANW team as well.
It's likely because a rebase with the development branch is required, or the build failed due to compilation/unit tests. Please see the details in the health check and take appropriate action.
The master branch is treated as the production branch. If your changes are merged on any day by 11pm, they are available to be used publicly by the end of that day. Please check the doc in the next question: if the policy is available in that doc, it's already in use in production.