chainctl
chainctl Chainguard Control
2 min read
For the complete documentation index, see llms.txt.
Update a custom Libraries policy.
chainctl libraries policy update POLICY [--cooldown-days N] [--block ...] [--allow ...] [flags] --allow stringArray A package permitted to bypass gates, as comma-separated key=value pairs: purl=<package-url>[,bypass-cooldown=true][,bypass-malware=true][,justification="..."]. Replaces the existing allow list. Repeatable.
--block stringArray A package to always deny, as purl=<package-url> (pkg:pypi/<name>, pkg:npm/<name>, pkg:maven/<group>/<artifact>); append @<version> to block a single version. Replaces the existing block list. Repeatable.
--cooldown-days int32 The cooldown window in days (0 disables, 1-30 explicit, omit to inherit the default). (default -1)
--description string The updated description of the policy.
--parent string The name or id of the organization that owns the policy. --api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev")
--audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev")
--config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly.
--console string The url of the Chainguard platform Console. (default "https://console.chainguard.dev")
--force-color Force color output even when stdout is not a TTY.
-h, --help Help for chainctl
--issuer string The url of the Chainguard STS endpoint. (default "https://issuer.enforce.dev")
--log-level string Set the log level (debug, info) (default "ERROR")
-o, --output string Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide]
-v, --v int Set the log verbosity level.Last updated: 2026-06-22 22:04