{ "name": "sec_policy5", "description": "This is a security policy", "type": "security", "rules": [ { "name": "testrule1", "criteria": { "min_severity": "medium" }, "actions": { "webhooks": [ ], "block_download": { "active": true, "unscanned": true }, "block_release_bundle_distribution": true, "fail_build": true, "notify_deployer": true, "notify_watch_recipients": true, "create_ticket_enabled":false }, "priority": 1 } ] }
Operational Risk Sample Response - Setting a minimal risk criterion
{
  "name": "operational_risk_policy_1",
  "description": "Operational Risk policy with minimal risk rule",
  "type": "operational_risk",
  "rules": [
    {
      "name": "op_risk_minimal_risk_rule",
      "criteria": {
        "op_risk_min_risk": "High" // (default), valid values: [Low,Medium,High]
      },
      "actions": {
        "webhooks": [],
        "block_download": {
          "active": true,
          "unscanned": true
        },
        "fail_build": true
      },
      "priority": 1
    }
  ]
}
Operational Risk Sample Response - Setting a custom risk criterion
{
  "name": "operational_risk_policy_2",
  "description": "Operational Risk policy with a custom risk rule",
  "type": "operational_risk",
  "rules": [
    {
      "name": "op_risk_custom_rule",
      "criteria": {
        "op_risk_custom": {
          "use_and_condition": false, // (default) determines whether ALL defined conditions must be met for the rule to match, or whether any one of them is enough
          "is_eol": false, // (default) match if the component is defined as 'end of life'
          "commits_less_than": 10, // match if the number of commits is less than this value, valid values: [10,25,50,100]
          "newer_versions_greater_than": 5, // match if the number of newer versions is higher than this value, valid values: [1,2,3,4,5]
          "committers_less_than": 5, // match if the number of committers is less than this value, valid values: [1,2,3,4,5]
          "release_date_greater_than_months": 5, // match if the time since the release date is greater than this value in months, valid values: [6,12,18,24,30,36]
          "release_cadence_per_year_less_than": 3, // match if the yearly release cadence is less than this value, valid values: [1,2,3,4,5]
          "risk": "Low" // (default) if the rule is matched, produce a violation with this risk value, valid values: [Low,Medium,High]
        }
      },
      "actions": {
        "webhooks": [],
        "block_download": {
          "active": true,
          "unscanned": true
        },
        "fail_build": true
      },
      "priority": 1
    }
  ]
}
Response Codes:
200: Success - Policy created
{ "info": "Policy {pName} has been created successfully" }
400 - One or more fields are missing/invalid
409 - Policy {pName} already exists
500 - Failed to create policy