
Understanding custom rules

In addition to Datree's built-in rules, you can also write your own rules and add them to your policies.
The custom rule engine is based on JSON Schema, so it supports both YAML and JSON declarative syntax.

Custom rules can be written directly in JSON Schema, in Rego, or in CEL.

Note

Custom rules can be used only in Policy-as-code mode.

Looking for examples? See the examples page.

Quick start

  1. Enable Policy-as-code mode
  2. Create a policies YAML file with your custom rule (attached to any policy)
  3. Publish the policies YAML file

Required format

Custom rules and the policies file they reside in must satisfy certain requirements.
For examples of both, see the examples page.

Rule format

Every custom rule has the following properties (those marked [OPTIONAL] may be omitted):

  • identifier - a unique ID to associate with a policy.
  • name [OPTIONAL] - a title that will be shown in Datree's output when a rule fails.
  • defaultMessageOnFailure [OPTIONAL] - a message that is shown when the property policies.name[].rules.messageOnFailure is empty (unique to each identifier).
  • schema - the custom rule logic, written in JSON Schema (as YAML), in Rego, or in CEL.

Policies file format

The policies file must have the following properties:

  • policies - an array of policies, each with the following properties:
    • name - the name of the policy.
    • rules - an array of rules, each with the following properties:
      • identifier - a unique ID to associate with a policy.
      • messageOnFailure - the message to display in Datree's output when the rule fails.
  • customRules - an array of rules with the format mentioned above.
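
A policies file that follows the two formats above, added here as an illustration and not taken from Datree's documentation. The rule identifier, policy names and messages are constructed; `apiVersion` and `isDefault` are not described on this page and are assumed here.

```yaml
apiVersion: v1            # assumption: version header, not described on this page
policies:
  - name: Production
    isDefault: true       # assumption: default-policy flag, not described on this page
    rules:
      - identifier: CUSTOM_CONTAINERS_PRIVILEGED
        # Overrides the rule's defaultMessageOnFailure for this policy only
        messageOnFailure: Privileged containers are not allowed in production
  - name: Staging
    rules:
      - identifier: CUSTOM_CONTAINERS_PRIVILEGED
        # Left empty, so the rule's defaultMessageOnFailure is shown instead
        messageOnFailure: ''
customRules:
  - identifier: CUSTOM_CONTAINERS_PRIVILEGED    # constructed identifier
    name: Ensure containers do not run privileged [CUSTOM RULE]
    defaultMessageOnFailure: Set securityContext.privileged to false or remove it
    # JSON Schema written as YAML. It fails only when privileged is present
    # and not false; an absent field passes. It covers kinds that nest the
    # pod spec at spec.template.spec (for example Deployment); bare Pods,
    # CronJobs and initContainers would need their own paths.
    schema:
      properties:
        spec:
          properties:
            template:
              properties:
                spec:
                  properties:
                    containers:
                      type: array
                      items:
                        properties:
                          securityContext:
                            properties:
                              privileged:
                                enum: [false]
```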