rorix policy

Evaluate your project dependencies against a policy configuration file.

Usage

rorix policy [path] [options]

If no path is provided, Rorix looks for .rorix.yml in the current directory.

Options

| Option | Default | Description |
| --- | --- | --- |
| --config | .rorix.yml | Path to the policy configuration file |

Examples

Evaluate with default config

rorix policy

Use a custom policy file

rorix policy --config policies/strict.rorix.yml

Evaluate a specific project

rorix policy ./src/MyApp/MyApp.csproj --config .rorix.yml

Exit Codes

| Code | Meaning |
| --- | --- |
| 0 | All policy checks passed |
| 1 | One or more policy violations detected |

Output

When violations are found, Rorix prints a summary:

 Policy Violations (3 found)

 FAIL  maxSeverity: found critical vulnerability in Microsoft.Data.SqlClient@4.1.0
 FAIL  blockedLicenses: log4net@2.0.12 uses GPL-2.0
 FAIL  failOnOutdatedMajor: Newtonsoft.Json@12.0.3 is 2 major versions behind

 Result: FAIL (3 violations)

See the Policy Reference for all available rules and configuration options.
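
The exit codes and summary format above can drive a CI gate. The script below is an added example, not part of Rorix or its documentation: it fails closed on any status other than the two documented ones and groups FAIL lines by rule. The function names and the RORIX_CMD variable are hypothetical, and the parser assumes the line shape shown in the sample output.

```shell
#!/bin/sh
# Added example (not Rorix project code): CI gate around `rorix policy`.

# Sample summary copied from the Output section above, used to exercise the parser.
SAMPLE_OUTPUT=' Policy Violations (3 found)

 FAIL  maxSeverity: found critical vulnerability in Microsoft.Data.SqlClient@4.1.0
 FAIL  blockedLicenses: log4net@2.0.12 uses GPL-2.0
 FAIL  failOnOutdatedMajor: Newtonsoft.Json@12.0.3 is 2 major versions behind

 Result: FAIL (3 violations)'

# Read a rorix summary on stdin and print "<rule> <count>" per violated rule.
# Assumes the "FAIL  <rule>: <detail>" line shape shown in the sample.
violations_by_rule() {
  awk '$1 == "FAIL" { sub(/:$/, "", $2); n[$2]++ }
       END { for (r in n) print r, n[r] }' | sort
}

# Map an exit code to a decision. Only 0 and 1 are documented, so any other
# status (crash, binary missing from the runner) is a tool error, not a pass.
gate_decision() {
  case "$1" in
    0) echo pass ;;
    1) echo violations ;;
    *) echo tool-error ;;
  esac
}

# Run the check and fail closed. RORIX_CMD is a hypothetical override used
# here so the binary can be swapped out; arguments go to `rorix policy` as-is.
run_gate() {
  _out=$("${RORIX_CMD:-rorix}" policy "$@" 2>&1) && _rc=0 || _rc=$?
  printf '%s\n' "$_out"
  case "$(gate_decision "$_rc")" in
    pass) return 0 ;;
    violations)
      printf '%s\n' "$_out" | violations_by_rule | sed 's/^/violated rule: /' >&2
      return 1 ;;
    *)
      echo "rorix exited with undocumented status $_rc; failing closed" >&2
      return 2 ;;
  esac
}
```

In a pipeline, call `run_gate --config .rorix.yml` and let its return status fail the job.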