Hi I understand that you can implement CrossGuard server sid

Question

Hi I understand that you can implement CrossGuard server side by publishing Policy Packs to Pulumi Cloud or via a step in the CI CD pipeline We already have a CICD workflow integrated with Github and a CICD platform for Pulumi that works well What would be a better approach I want to make sure that the pipeline fails when we run pulumi preview or up with non compliant infrastructure

stocky-restaurant-98004 · Answer

The server side enforcement for Policy Packs requires Business Critical edition If you want to check it out you can create a trial org in Pulumi Cloud and you get 2 weeks free of Business Critical with no credit card required The way it works is that you can apply policy packs to multiple stacks all stacks all stacks with a tag etc Whenever you run a `pulumi` operation Pulumi Cloud will automatically run the Policy Packs you have controlled on the server side as opposed to having to supply them via a flag yourself if you are not using server side policy enforcement Details here <https www pulumi com docs using pulumi crossguard configuration using the pulumi cloud>

stocky-restaurant-98004 · Answer

There s also some new stuff we released with Policy Packs 1 Compliance ready policies which cover a bunch of compliance frameworks like PCI DSS etc for each of the major hyperscalers 2 Remediation policies which allow you to specify a transform to make a resource compliant rather than just warning failing