Policy sets
What is a Policy Set?
A Policy Set is a named bundle of policies that you can assign to one or more workspaces.
Instead of configuring each workspace one policy at a time, you:
Define Policy Sets that represent your security and operational goals.
Reuse those sets across many workspaces.
Combine multiple sets on the same workspace when needed.
Core Concepts
You can:
Attach the same Policy Set to many workspaces.
Attach multiple Policy Sets to a single workspace.
For each workspace:
Effective policies = union of policies from all attached Policy Sets.
Why Use Policy Sets?
Policy Sets help you:
Standardize policy across the organization
Define the “Org Default Baseline” and apply it to all workspaces.
Tailor policy by environment
Use stricter policies for production, and other sets for development.
Align with frameworks and business goals
Create sets like:
“CIS for AWS”
“Cost Optimization”
“High & Critical Security Only”
Policy Set in Gomboc Portal
Open the Policy Sets Page
Go to the Policy Sets page in the Gomboc portal.
Select the "Default Policy Set" (the default policy set is the prebuilt set for first-time setup).
See which policies are enabled in the "Active policies" table.
Browse the Gomboc policy library at the bottom of the page and add the policies you want to the "Active policies" table to enable them in the Default Policy Set.
Create a New Policy Set
Click Create Policy Set.
Provide:
Name
Description: Explain when to use this set and what it is optimized for:
Target environments (prod, staging, dev).
Risk tolerance (e.g., “only high/critical issues” vs “full CIS alignment”).
Assign to Workspaces
Add Policies to the Set
Use the policy catalog to choose which policies to include. You can:
Search by keyword: e.g., “Encryption”, “public access”, “Authentication”.
Filter by category: Security, compliance, reliability, cost optimization, operations, etc.
Filter by cloud provider / IaC tool / code resource type: e.g., AWS, GCP, Azure, OCI / Terraform, CloudFormation / S3 bucket, Kubernetes cluster.
Select the policies you want and add them to the Policy Set.
Save the Policy Set
Click Save. Your new Policy Set is now available to run scans.
How Multiple Policy Sets Interact
When you attach multiple Policy Sets to a workspace:
Gomboc collects the list of policies from each attached set.
It merges them into a single effective policy list:
Policies are de‑duplicated.
At scan time, Gomboc:
Resolves that effective policy list to the underlying rules.
Executes those rules during the scan.
What Happens at Scan Time?
When a workspace is scanned:
Gomboc calculates the effective policies:
Looks up all Policy Sets attached to the workspace.
Unions their policies.
Gomboc’s engine:
Turns those policies into a set of underlying rules.
Runs them against your code.
The scan report shows:
Which Policy Sets those policies came from.
Suggested fixes (where applicable).
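The merge described in the two sections above, sketched as an added example (this is not Gomboc's code or API): it unions and de-duplicates the policies of the attached sets while recording which sets contributed each one, then reports workspaces whose effective list lacks baseline policies. The function names, workspace names and policy IDs are constructed for illustration; the set names echo the examples on this page.

```python
# Constructed sample data: policy IDs and workspace names are made up.
POLICY_SETS = {
    "Org Default Baseline": ["s3-encryption-at-rest", "s3-block-public-access"],
    "CIS for AWS": ["s3-block-public-access", "iam-no-wildcard-actions"],
    "Cost Optimization": ["ebs-gp3-volumes"],
}
WORKSPACES = {
    "payments-prod": ["Org Default Baseline", "CIS for AWS"],
    "sandbox-dev": ["Cost Optimization"],
}

def effective_policies(attached_sets, policy_sets=POLICY_SETS):
    """Union the policies of all attached sets, de-duplicated, with provenance.

    Returns {policy_id: [names of sets that contributed it]} in first-seen order.
    """
    effective = {}
    for set_name in attached_sets:
        if set_name not in policy_sets:
            raise KeyError(f"unknown Policy Set: {set_name!r}")
        for policy in policy_sets[set_name]:
            sources = effective.setdefault(policy, [])
            if set_name not in sources:  # same set attached twice counts once
                sources.append(set_name)
    return effective

def baseline_gaps(baseline, workspaces=WORKSPACES, policy_sets=POLICY_SETS):
    """Per workspace, list the baseline policies missing from its effective list."""
    required = policy_sets[baseline]
    gaps = {}
    for workspace, attached in workspaces.items():
        have = effective_policies(attached, policy_sets)
        missing = [p for p in required if p not in have]
        if missing:
            gaps[workspace] = missing
    return gaps

if __name__ == "__main__":
    for workspace, attached in WORKSPACES.items():
        print(workspace)
        for policy, sources in effective_policies(attached).items():
            print(f"  {policy}  <- {', '.join(sources)}")
    print("baseline gaps:", baseline_gaps("Org Default Baseline"))
```
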
FAQ
Can I assign multiple Policy Sets to one workspace?
Yes. Workspaces support multiple Policy Sets. The effective policy list is the union of all policies in those sets.