Description: Creates a template for a policy rule based on the logic you supply using Rego code.
Usage: POST https://{{artifactory-host}}/unifiedpolicy/api/v1/templates
Permission: Manage policies
Consumes: application/json
Request Body:
| Parameter | Type | Required | Description |
|---|---|---|---|
| `name` | string | yes | The template name, 1-255 characters. |
| `description` | string | no | Free text description up to 2048 characters. |
| `version` | string | yes | The template version, 1-100 characters. |
| `category` | enum | yes | Metadata that defines the purpose (i.e., category) of the template. Valid values: |
| `data_source_type` | string | yes | One of the supported types of verified schemas. Valid values: |
| `rego` | string | yes | Rego policy code block (1-65536 chars) where you define the logic to perform in the template. Rego is the native query language for Open Policy Agent (OPA), an open source policy engine. For information about Rego coding, see OPA Policy Language. In addition, see the List of Valid Rego Operations. |
| `parameters` | array | yes | Array of objects, each having a |
| `scanners` | array | no | List of scanner types that this template supports. Defaults to an empty array if not provided. Valid values: |
Sample Request:
```json
{
  "name": "No suspicious package exists",
  "description": "No suspicious package exists in application version",
  "version": "1.0.0",
  "category": "security",
  "data_source_type": "evidence",
  "rego": "package curation.policies\n\nimport rego.v1\n\nrelease := input.data\n\nrelease_evidence := [evidence | some evidence in release.evidenceConnection[_]]\n\nartifact_evidence := [evidence | some evidence in release.artifactsConnection[_].node.evidenceConnection[_]]\n\nbuild_evidence := [evidence | some evidence in release.fromBuilds[_].evidenceConnection[_]]\n\nall_layers_evidences := array.concat(release_evidence, array.concat(artifact_evidence, build_evidence))\n\ndefault exists := false\n\nexists if {\n\tsome evidence in all_layers_evidences\n\tevidence.node.predicateType == \"https://jfrog.com/evidence/cyclonedx/sbom/v1.6\"\n\tsome component in evidence.node.predicate.components\n\tcomponent.name == input.params.packageName\n}\n\ndefault should_allow := true\n\nshould_allow := false if {\n\texists\n}\n\nallow := {\n \"should_allow\": should_allow,\n \"explanation\": concat(\" \",[input.params.packageName, \" - suspicious package exists in application version\"]),\n}",
  "parameters": [
    {
      "name": "packageName",
      "type": "string"
    }
  ]
}
```
Sample Response:
```json
{
  "description": "No suspicious package exists in any cyclone evidence",
  "name": "No suspicious package exists",
  "category": "security",
  "parameters": [
    {
      "name": "packageName",
      "type": "string"
    }
  ],
  "rego": "package curation.policies\n\nimport rego.v1\n\nrelease := input.data\n\nrelease_evidence := [evidence | some evidence in release.evidenceConnection[_]]\n\nartifact_evidence := [evidence | some evidence in release.artifactsConnection[_].node.evidenceConnection[_]]\n\nbuild_evidence := [evidence | some evidence in release.fromBuilds[_].evidenceConnection[_]]\n\nall_layers_evidences := array.concat(release_evidence, array.concat(artifact_evidence, build_evidence))\n\ndefault exists := false\n\nexists if {\n\tsome evidence in all_layers_evidences\n\tevidence.node.predicateType == \"https://jfrog.com/evidence/cyclonedx/sbom/v1.6\"\n\tsome component in evidence.node.predicate.components\n\tcomponent.name == input.params.packageName\n}\n\ndefault should_allow := true\n\nshould_allow := false if {\n\texists\n}\n\nallow := {\n \"should_allow\": should_allow,\n \"explanation\": concat(\" \",[input.params.packageName, \" - suspicious package exists in application version\"]),\n}",
  "scanners": [],
  "version": "1.0.0",
  "data_source_type": "evidence",
  "is_custom": true,
  "created_at": "2025-12-01T12:13:58.992204+02:00",
  "created_by": "admin",
  "id": "1994456353563553792",
  "updated_at": "2025-12-01T12:13:58.992204+02:00",
  "updated_by": "admin"
}
```
Status Codes:
| Code | Description |
|---|---|
| 201 | Template created successfully |
| 400 | Bad Request (validation error) |
| 401 | Unauthorized |
| 403 | Forbidden (insufficient permissions) |
| 409 | Conflict (duplicate name) |
| 500 | Internal server error |
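The following client-side sketch is an added example, not JFrog's own code: it checks a template against the length limits in the Request Body table before sending, and lets `json.dumps` do the escaping that turns multi-line Rego into the single JSON string shown in the sample request. The function names, the `SAMPLE_REGO` policy and the bearer-token `Authorization` header are assumptions made for illustration.

```python
import json
import urllib.request

# (min, max) character limits taken from the Request Body table above.
LIMITS = {"name": (1, 255), "version": (1, 100), "rego": (1, 65536)}
MAX_DESCRIPTION = 2048
# Outcomes listed under Status Codes above.
STATUS = {201: "created", 400: "validation error", 401: "unauthorized",
          403: "forbidden", 409: "duplicate name", 500: "server error"}

def build_template_payload(name, version, category, data_source_type, rego,
                           parameters, description=None, scanners=None):
    """Return the request body, raising ValueError if a documented limit is broken."""
    body = {"name": name, "version": version, "category": category,
            "data_source_type": data_source_type, "rego": rego,
            "parameters": parameters}
    for field, (low, high) in LIMITS.items():
        value = body[field]
        if not isinstance(value, str) or not low <= len(value) <= high:
            raise ValueError(f"{field}: expected a string of {low}-{high} characters")
    # The valid enum values are not reproduced here, so only presence is checked.
    for field in ("category", "data_source_type"):
        if not isinstance(body[field], str) or not body[field]:
            raise ValueError(f"{field}: required")
    if not isinstance(parameters, list):
        raise ValueError("parameters: expected an array of objects")
    if description is not None:
        if len(description) > MAX_DESCRIPTION:
            raise ValueError(f"description: at most {MAX_DESCRIPTION} characters")
        body["description"] = description
    if scanners is not None:  # the server defaults this to [] when omitted
        body["scanners"] = scanners
    return body

def build_request(host, token, body):
    """Build, without sending, the POST; json.dumps escapes the Rego newlines and quotes."""
    return urllib.request.Request(
        f"https://{host}/unifiedpolicy/api/v1/templates",
        data=json.dumps(body).encode("utf-8"),
        # Assumption: bearer-token authentication; the page does not show the auth header.
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
        method="POST")

def describe_status(code):
    """Map a response code to the outcome documented in the Status Codes table."""
    return STATUS.get(code, "unexpected status")

# Constructed sample Rego (not the page's policy), with newlines and quotes to escape.
SAMPLE_REGO = 'package curation.policies\n\nimport rego.v1\n\ndefault allow := {"should_allow": true}\n'
```

Pass the returned request to `urllib.request.urlopen` to send it; on a non-2xx response, the `code` attribute of the raised `urllib.error.HTTPError` can be given to `describe_status`.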