# Policy Library

### What is a Policy?

In Gomboc, a policy is a single, named control that the platform can check and remediate. Each policy represents a set of code issues the platform looks for. It’s backed by one or more internal ORL rules that power detection and a deterministic fix.

#### Examples:

* “Encryption At-Rest with Provider Managed Key”
* “Deletion Protection”
* “Immutable Docker Image Tags”

### Each policy has:

* **Name and description** – what it checks and why it matters.
* **Severity** – how badly your business could be affected by ignoring the recommendation.
* **Risk** – the combination of operational effort and likelihood of failure involved in making the change.
* **Category** – security, reliability, operations, cost, etc.
* **Framework/benchmark mappings** – how it aligns to CIS, NIST CSF, PCI, SOC 2, internal frameworks, and so on.
* **Scope over code and platforms** – which code representations and platforms it applies to, including:
  * **Code resource types**
    * e.g., storage buckets, databases, load balancers, IAM roles, Kubernetes, etc.
  * **Tools / IaC formats**
    * e.g., Terraform, CloudFormation, Kubernetes, Helm, and other supported IaC or config formats.
  * **Cloud providers / platforms**
    * e.g., AWS, GCP, Azure, OCI, Kubernetes, and other supported environments.

When you activate a policy in the Policy Sets UI, you’re choosing:

* What should be enforced (the conceptual control),
* Across which tools, code types, and providers (as defined by that policy’s scope).

### Browsing Policies

The Policy Library displays all available policies in a searchable table format:

* **Search**: Use the search bar to find policies by name, description, or tags
* **Tag Filter**: Filter policies by tags such as `terraform`, `AWS`, `kubernetes`, `azure`, `GCP`, `docker`
* **Pagination**: Browse through policies with pagination controls
