Source Repo Allowlist
gitops.source-repo-allowlist
Requires each Application's manifest source repository to be within a configured allow-list of trusted repositories. Prevents deployments from unreviewed or untrusted Git sources.
Compatible Integrations
This guardrail works with the following integrations. Click to see how to use Source Repo Allowlist with each collector.
Enable This Guardrail
Add the parent policy to your lunar-config.yml to enable this guardrail.
policies:
- uses: github://earthly/lunar-lib/policies/gitops@v1.0.5
include: [source-repo-allowlist]
# with: ...
How This Guardrail Works
This guardrail is part of the GitOps Guardrails policy. It evaluates data collected by integrations and produces a pass/fail check with actionable feedback.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement of your engineering standards.
Learn How Lunar Works →Configuration Options
These inputs can be configured in your lunar-config.yml to customize
how the parent policy (and this guardrail) behaves.
| Input | Required | Default | Description |
|---|---|---|---|
allowed_source_repos
|
Required | — | Comma-separated allow-list of permitted Application source repoURLs for source-repo-allowlist. Required when that check is enabled (errors if empty). |
allowed_destinations
|
Required | — | Comma-separated allow-list of permitted destinations for destination-allowlist. Each entry is `namespace` (allowed on any cluster) or `cluster/namespace` (pinned to one cluster — the cluster segment matches the Application destination's registered name or its server URL). Required when that check is enabled (errors if empty). |
expected_tag
|
Required | — | For gitops-managed — only enforce coverage on components whose catalog tags (.catalog.entity.tags, e.g. from a Backstage catalog-info.yaml) include this value. Empty enforces on every component the policy targets (via on:). |
GitOps Guardrails
This guardrail is part of the GitOps Guardrails policy, which includes 4 guardrails for deployment and infrastructure.
Ready to Automate Your Standards?
See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 200+ built-in guardrails.