Skip to main content

Policies

Define rules, enforce standards, track violations and exceptions, and produce audit-ready evidence.

Vibgrate Docs

Vibgrate Help

Policies is your governance control plane. You define the rules your estate must follow, Vibgrate enforces them against your scans, and the tab tracks violations, exceptions, and the evidence you need to prove compliance.

What you'll see

  • Policies — the rules you've defined, such as banned licenses, minimum framework versions, or required SBOM coverage.
  • Violations — where the estate currently breaks a policy.
  • Exceptions — approved, time-bound waivers, so a justified exception doesn't read as an open violation forever.
  • Evidence — audit-ready proof that policies are in force and being met.

How to use it

Write a policy for the standard you care about, then watch the violations it surfaces. Fix what you can, and grant a documented exception where a violation is justified for now. Exceptions are explicit and tracked — they keep your violation list honest without hiding risk.

Policies, standards, and compliance

A policy is a rule you enforce. A compliance framework (under Risk & Compliance) is the external standard you're held to. Policies are how you operationalize those frameworks — turning "we must comply with X" into checks that run on every scan.