> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Custom policies

> Create condition-based policies for supported Cysmiq policy targets.

## Overview

Custom policies evaluate condition logic against supported targets such as vulnerabilities, packages, package versions, manifests, assets, secrets, and code findings.

Use custom policies when built-in SLA, package, or manifest policy types do not cover the control you want to express.

## Targets

Supported target types are:

* `vulnerability`
* `package`
* `package_version`
* `manifest`
* `asset`
* `secret`
* `code`

Each target type supports a different set of condition fields. See [Policy condition fields](/reference/policy-condition-fields) for the source-backed reference.

Environment condition fields come from [environment mappings](/concepts/environments), which map repository branches and tags to deployment boundaries.

## Condition structure

Conditions use nested groups:

| Group | Meaning                                     |
| ----- | ------------------------------------------- |
| `all` | Every child rule or group must match        |
| `any` | At least one child rule or group must match |
| `not` | Negates one child rule or group             |

Rules use a field, operator, and value:

```json Condition rule theme={null}
{ "field": "severity", "op": "in", "value": ["critical", "high"] }
```

## Operators

Operators depend on the field type:

| Field type | Common operators          |
| ---------- | ------------------------- |
| String     | `=`, `!=`, `in`, `prefix` |
| Number     | `>`, `>=`, `<`, `<=`, `=` |
| Boolean    | `=`, `!=`                 |
| Array      | `contains`, `overlaps`    |

For `in`, `contains`, and `overlaps`, provide a JSON array value.

## Actions

Custom policies can define actions:

| Action | Purpose                                                                  |
| ------ | ------------------------------------------------------------------------ |
| SLA    | Set a remediation window such as `7d` and whether to reset on regression |
| Notify | Notify selected users or roles when violations are created               |

```json SLA action theme={null}
{
  "sla": {
    "window": "7d",
    "reset_on_regression": true
  }
}
```

## Dry run

Dry run is available for custom policies with a target type. Use it to preview matches for a selected repository before relying on the policy in normal workflows.

Dry runs can use the saved condition or a temporary condition override.

## JSON import

Custom policies can be imported from JSON. Imported policies are created disabled so they can be reviewed before activation.

```json Import shape theme={null}
{
  "name": "Critical production vulnerabilities",
  "target_type": "vulnerability",
  "status": "disabled",
  "applies_by_default": true,
  "enforcement_mode": "block",
  "condition": {
    "all": [
      { "field": "severity", "op": "in", "value": ["critical", "high"] },
      { "field": "environment.is_production", "op": "=", "value": true }
    ]
  },
  "actions": {
    "sla": {
      "window": "7d",
      "reset_on_regression": true
    }
  }
}
```

## Related docs

* [Policies](/policies/overview)
* [Policy violations](/policies/violations)
* [Policy condition fields](/reference/policy-condition-fields)
* [Environments](/concepts/environments)
