ec inspect policy

Read policies from source urls and show information about the rules inside them== Synopsis

Read policies from a source url and show information about the rules inside them.

This fetches policy sources similar to the 'ec fetch policy' command, but once the policy is fetched the equivalent of 'opa inspect' is run against the downloaded policies.

This can be used to extract information about each rule in the policy source, including the rule annotations which include the rule’s title and description and custom fields used by ec to filter the results produced by conftest.

Note that this command is not typically required to verify the Enterprise Contract. It has been made available for troubleshooting and debugging purposes.

ec inspect policy --source <source-url> [flags]


Print a list of rules and their descriptions from the latest Enterprise Contract release policy:

ec inspect policy --source

Display details about the latest Enterprise Contract release policy in json format:

ec inspect policy --source -o json | jq



display rules included in given collection

-d, --dest

use the specified destination directory to download the policy. if not set, a temporary directory will be used

-h, --help

help for policy (Default: false)

-o, --output

output format. one of: json, text, names, short-names (Default: text)


display results matching package name

-p, --policy

reference to the policy configuration, either EnterpriseContractPolicy Kubernetes custom resource reference [<namespace>/]<name>, or inline JSON or YAML of the spec part


display results matching rule name

-s, --source

policy source url. multiple values are allowed (Default: [])

Options inherited from parent commands


same as verbose but also show function names and line numbers (Default: false)


path to the Kubernetes config file to use


less verbose output (Default: false)


max overall execution duration (Default: 5m0s)


enable trace logging (Default: false)


more verbose output (Default: false)