Skip to main content
Anaconda Platform 7.0.0 is available through a limited early access program. Contact your Anaconda Technical Account Manager (TAM) if you’re interested in adopting the latest version.
A policy is a security control you can apply to a channel to configure which packages are mirrored from the channel’s source. Enforcing policies ensures that only approved software is available, helping maintain consistency across team and reducing security risks. Policies allow you to filter packages based on criteria such as package name, platform architecture, license, and Common Vulnerabilities and Exposures (CVE) score and status to meet your organization’s compliance and security requirements.
Visibility and management of policy features depend on your assigned role. Only users with Write or Manage permissions for the Policy Engine can create and manage policies.

Creating a policy

Policy filters only work for conda repositories. Standard Python and R repositories must use mirror filters to restrict packages. For more information, see Creating a mirror.
Policies only filter from a when the channel’s runs. If you update a policy, packages in affected channels aren’t updated until the channel’s mirror next runs per its scheduled frequency configuration.
  1. Select Policies from the left-hand navigation.
  2. Click Create Policy.
  3. Complete the Create Policy form.
    The Create Policy form provides a step-by-step approach to building policies for your channels.
    • Each field provides an info tip to help you understand and complete the form. Hover over the icon to view tips.
    • As you build the policy, a real-time summary appears on the right, explaining in plain language what the policy enforces.
    • Select < Previous or Next > to navigate the different sections of the Create Policy form.
    1

    Set Details

    Set details step
    1. Policy Name
      Provide a unique name for your policy.
      Use a descriptive name that helps users understand its purpose.
    2. Description
      Enter a brief description of what effect the policy will have on a channel or mirror.
    2

    Set Package Rules

    Set packages step
    1. Platform
      Restrict packages based on their platform architecture.
      • The in operator only includes packages that match the specified platform architecture.
      • The not in operator excludes packages that match the specified platform architecture.
      Anaconda Platform automatically includes any package dependencies in your channel when you apply a policy that restricts packages by platform architecture.
    2. License
      Restrict packages based on their license type. Multiple license types can be specified for the policy.
      • The in operator only includes packages that match the specified license.
      • The not in operator excludes packages that match the specified license.
      For more information, see Package license information.
    3. Package Name(s)
      If you know the specific packages you want your channel or mirror to contain, enter their names here.
      Specifying packages by name does not automatically populate the channel with their dependencies.
    4. Include Dependencies
      Select this checkbox to include dependencies for the packages specified in the Package Name(s) field.
      This option must be selected to enable a dependency report download for mirrors this policy is applied to. For more information, see Download Dependency Report under Mirror actions.
    5. Other Package Criteria
      • Only Signed Packages
        Select this checkbox to only mirror packages that have Anaconda signatures from the source mirror.
      • Legacy Packages
        Select this checkbox to include .tar.bz2 package files along with .conda files for packages. This effectively doubles your required storage space.
        When this checkbox is left unselected, .tar.bz2 files are still included if they are the only ones available in the source.
    6. Date Range
      Instruct the policy to only include packages that were created within the range selected.
    3

    Set CVE Rules

    Set CVE rules step
    1. CVE Score
      Restrict packages based on their associated CVE Scores.
    2. The and | or operators
      • The and operator includes package files that meet all the specified criteria.
      • The or operator includes package files that meet at least one of the specified criteria.
    3. CVE Status
      Restrict packages based on their associated CVE Status.
    4. CVE Allowlist IDs
      listed here are not considered for package file filtering criteria.
      CVE names follow the format CVE-YYYY-##### (Example: CVE-2025-12345).
    4

    Set Exclusions

    Set exclusions step
    1. Exclude Packages
      Enter the name of any packages you want to exclude. To list multiple packages, press the Tab key after entering each package name.
    2. Exclusion Exceptions
      Include specific packages that would otherwise be removed by the exclude packages filter by listing them here.
    3. CVE Status
      Choose to restrict packages by their CVE Status.
      Package exclusions and exclusion exceptions can be specified using non-exact values by including wildcard * and >/< ranges (where supported). For more information, see Package Match Specifications in the official conda documentation.
    5

    Review

    Review the rules that your policy will enforce.
    Review policy step
  4. Click Create Policy.

Managing policies

Select Policies from the left-hand navigation to view all policies and see which channels and mirrors they are associated with.
View all policies page
Use the search box to locate a policy by name. You can match any part of the policy name to filter the list.
Use the Actions dropdown to manage your policies.
Policy actions menu

View Details

View a read-only version of the policy details.

Edit

Modify an existing policy using the same process as when creating a policy.

Delete

Permanently delete the policy. A warning displays if the policy is currently applied to any channels or mirrors.