Governance
Sandbox governance covers the policy system that controls what sandboxes can access over the network and on the filesystem. It operates at two layers, and only one applies at a time:
- Local policy is configured per machine using the `sbx policy` CLI. It lets individual developers customize which domains their sandboxes can reach. See Local policy.
- Organization policy is configured centrally in the Docker Admin Console or via the Governance API. Rules defined at the org level apply uniformly across every sandbox in the organization. When organization governance is active, it replaces local policy entirely: local `sbx policy` rules are no longer evaluated. See Organization policy.
Note: Organization governance is available on a separate paid subscription. Contact Docker Sales to request access.
Learn more
- Policy concepts: resource model, rule syntax, evaluation, and precedence
- Local policy: configure network and filesystem rules on your machine with the `sbx policy` CLI
- Organization policy: centrally manage sandbox policies across your organization from the Admin Console
- Monitoring: inspect active rules and monitor sandbox network traffic with `sbx policy ls` and `sbx policy log`
- API reference: manage org policies programmatically via the Governance API