Policy

Policy#

Policy Engine Attributes#

Attributes emitted by policy engines (OPA, Gatekeeper, etc.) during policy evaluation and enforcement. Maps to GEMARA Layer 4 (Evaluation) for Policy-as-Code workflows.

Attribute	Type	Description	Examples	Stability
policy.engine.name	string	Name of the policy engine that performed the evaluation or enforcement action.	OPA; Gatekeeper; Conftest; Sentinel
policy.engine.version	string	Version of the policy engine.	v3.14.0; v0.45.0; v1.2.3; v2.0.1
policy.evaluation.message	string	Additional context about the policy evaluation result.	The policy evaluation failed due to a missing attribute.
policy.evaluation.result	string	Outcome of the policy rule evaluation, indicating the result of the policy check.	Not Run; Passed; Failed
policy.rule.id	string	Unique identifier for the policy rule being evaluated or enforced.	deny-root-user; require-encryption; check-labels
policy.rule.name	string	Human-readable name of the policy rule.	Deny Root User; Require Encryption; Check Resource Labels
policy.rule.uri	string	Source control URL and version of the policy-as-code file for auditability.	github.com/org/policy-repo/b8a7c2e; gitlab.com/company/policies@v1.2.3
policy.target.environment	string	Environment where the target resource or entity exists.	production; staging; development
policy.target.id	string	Unique identifier for the resource or entity being evaluated or enforced against.	deployment-123; resource-456; user-789
policy.target.name	string	Human-readable name of the resource or entity being evaluated or enforced against.	frontend-deployment; s3-bucket-secrets; admin-user
policy.target.type	string	Type of the resource or entity being evaluated or enforced against.	deployment; resource; user; configuration

policy.evaluation.result has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.