---
component: provenance-governor
version: "1.7"
slug: provenance-governor/policy-types
canonical_url: "https://docs.gradle.com/develocity/provenance-governor/1.7/policy-types/"
title: "Policy Types"
description: "Reference for all supported policy types in Develocity Provenance Governor."
keywords:
  - "attestation"
  - "supply chain"
  - "API"
status: current
---

<!-- llms-index: https://docs.gradle.com/develocity/llms.txt -->

# Policy Types

Develocity Provenance Governor supports the following policy types:

 
| Policy Kind | Description |
| --- | --- |
| BuildTool | Enforce specific build tool and version usage |
| JavaToolchains | Control Java toolchain (JDK version/vendor) requirements |
| ResolvedDependenciesRepositories | Restrict dependency resolution sources |
| PackageUrl | Allow or block specific dependencies |
| PublishRepositories | Enforce artifact promotion workflows |
| AttestationsExist | Verify required attestation types exist |
| TrustedPublicKeys | Validate attestation signatures |
| VerificationSummary | Evaluate VSA verification results |
| DependencyScoring | Score dependency health using SLO-based vulnerability and upgrade compliance |