# Create Policy Policies will help you to maintain strict guidelines for a deployment pipeline by allowing users to validate the application configuration while creating an application in spinnaker through a policy. Policies are of two types: * **Static Policy**: A policy that is enforced at all times. * **Run time Policy**: A policy that can only take effect while you are running a pipeline. ### Create Policy To create a new policy follow the steps below: 1. From the ISD application dashboard, Click "**Compliance**" --> Click "**Policy Management**" tab and then Click "+**New Policy"** button as shown in the image below. ![](/files/EaFAYqEz31cnK83nlaSz) 2\. The Policy Management screen appears and select policy type from the drop down as shown below: {% hint style="info" %} **Static Policies** can be created/edited only by the **Administrators**. **Runtime Policies** can be created/edited by the **Developers**. {% endhint %} ![](/files/FYBP8g5561b0ev8VV1dU) Enter the following details: * Enter the Name of the policy in the text box. * Select the Policy type from the drop-down. * Select the Policy Engine as OPA from the drop-down. * Select the Policy Engine Account from the drop-down. * Enter the Policy Description in the text box. * Select and add any available Policy file. 3\. Enter the **Policy Details** in the text box and click “**Save & Finish**” to create the policy as shown in the image below: ![](/files/L726S5Dbb39dsIabDkHy) {% hint style="info" %} **Note:** The repository contains a collection of sample policies that can be used with OpsMx ISD. Refer to the below link to view the sample policies. {% endhint %} {% embed url="" %} Collection of sample policies {% endembed %} ### Here are a couple of examples from the repository: **Static Policy to restrict image source while a pipeline is being saved** ``` ###### #IF # application named "sampleapp" # deploying to an account "production" # THEN # The image, if present MUST start with "docker.opsmx.com" # # Other applications/pipelines can be saved without these restrictions package opa.spinnaker.pipelines.new deny[msg] { count(input.new.stages)>0 input.new.application == "sampleapp" input.new.stages[_].account == "production" images := input.new.stages[_].manifests[_].spec.template.spec.containers[_].image not startswith(images, "docker.opsmx.com/") msg := sprintf("[%v] being deployed to be from docker.opsmx.com", [images]) } ``` **Dynamic policy that verifies the deployment is not happening during a blackout window** ``` # This policy verifies the deployment is not happening during a blackout window. # The blackout window can be configured by changing hour package opa.pipelines.datetimeslot deny["Pipeline has no start time"] { startTime := input.startTime startTime == 0 } weekday { day := time.weekday(time.now_ns()) day != "Saturday" day != "Sunday" } deny["No deployments allowed between 09am - 04pm on weekdays"] { [hour, minute, second] := time.clock([time.now_ns(), tz]) tz = "Africa/Lagos" hour >= 9 hour < 16 weekday } ``` **To know more about policy as code, refer** [**here**](https://www.opsmx.com/blog/getting-started-with-policy-as-code/)**.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/opsmx-1/opsmx-context-engine/additional-resources/previous-releases/isd-3.12/quickstart-guide/manage-policy/create-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.