# getting-started


10/26/2023, 2:24 PM
Hi, I understand that you can implement CrossGuard server-side by publishing Policy Packs to Pulumi Cloud or via a step in the CI/CD pipeline. We already have a CICD workflow integrated with Github and a CICD platform for Pulumi that works well. What would be a better approach? I want to make sure that the pipeline fails when we run pulumi preview or up with non-compliant infrastructure.


10/26/2023, 10:20 PM
The server-side enforcement for Policy Packs requires Business Critical edition. If you want to check it out, you can create a trial org in Pulumi Cloud and you get 2 weeks free of Business Critical with no credit card required. The way it works is that you can apply policy packs to multiple stacks (all stacks, all stacks with a tag, etc). Whenever you run a
operation, Pulumi Cloud will automatically run the Policy Packs you have controlled on the server-side (as opposed to having to supply them via a flag yourself if you are not using server-side policy enforcement). Details here:
There's also some new stuff we released with Policy Packs: 1. Compliance-ready policies, which cover a bunch of compliance frameworks like PCI-DSS, etc for each of the major hyperscalers: 2. Remediation policies, which allow you to specify a transform to make a resource compliant, rather than just warning/failing: