Serverless Safeguards Custom Policy

configs.policies.allowed-plugins.js

'use strict';

module.exports = function allowedPluginsPolicy(policy, service, allowedPlugins) {
  let failed = false;
  const pluginNames = service.compiled['serverless-state.json'].service.plugins || [];
  for (const [i, plugin] of pluginNames.entries()) {
    if (allowedPlugins.indexOf(plugin) == -1) {
      policy.fail(
        `Plugin name "${plugin}" not in list of permitted plugins: ${JSON.stringify(allowedPlugins)}`
      );
      failed = true;
    }
  }
  if (!failed) {
    policy.approve();
  }
};

module.exports.docs = 'http://www.perdu.com/';

configs.safeguards.yml

safeguards:
  - title: Allowed plugins
    safeguard: allowed-plugins
    enforcementLevel: error
    description: This policy allows use of limited list of plugins.
    path: ./configs/policies
    config:
      - '@serverless/safeguards-plugin'
      - 'serverless-aws-documentation'
      - 'serverless-pseudo-parameters'
      - 'serverless-python-requirements'
      - 'serverless-iam-roles-per-function'
      - 'serverless-plugin-extrinsic-functions'

serverless.yml

custom:
  safeguards: ${file(configs/safeguards.yml):safeguards}