Get Curation Policy by ID

Description: Get policy by ID. The condition of the policy is inlined for convenience.

Since: 3.116.x

Security: Requires a valid user with the "VIEW_POLICIES" permission.

Usage: GET /api/v1/curation/policies/{policy_id}

Consumes: None

Produces: application/json

Path Parameters: policy_id

Query Parameters: None

Response Body

Name	Type	Description
`id`	string	ID of the policy, used in path parameters to update or delete the policy.
`created_by`	string	Username of user who created the policy
`updated_by`	string	Username of user who updated the policy
`created_at`	string	Timestamp when policy was created
`updated_at`	string	Timestamp when policy was updated
`enabled`	Boolean	Automatically set to true when policy is created. Automatically set to false if something makes the policy’s effective scope empty, for example the only repo the policy can cover is deleted. Can be set to true when updating the policy if the effective scope is not empty when updating the policy.
`name`	string	Name of policy
`scope`	string	One of: `all_repos`, `specific_repos` or `pkg_types`. “`all_repos`” means policy will apply to all curated repositories except those listed in `repo_exclude` “`specific_repos`” means policy will apply to list of repositories listed in `repo_include` “`pkg_types`” means policy will apply to all curated repositories of the package types listed in `pkg_types_include`
`repo_exclude`		Used with scope=`all_repos`
`repo_include`		Used with scope=`specific_repos`
`pkg_types_include`		Used with scope=`pkg_types`
`policy_action`	string	One of: `block` or `dry_run`. Dry run policies only accumulate audit logs, they don’t block packages from being downloaded.
`condition_id`	string	The ID of the condition used by the policy.
`condition`	Condition	The condition used by the policy, selected by `condition_id`, is inlined for convenience.
`waivers`	Array[PackageWaiver]	List of package waivers
`label_waivers`	Array[LabelWaiver]	List of label waivers
`notify_emails`	Array[string]	List of email addresses that receive notification when the policy causes a package to be blocked
`waiver_request_config`	string	One of: forbidden, `manua`l or `auto_approved`. If forbidden, waiver requests cannot be created for the policy. If manual, then waiver requests can be created for the policy, and must be approved by users from the Jfrog Access groups listed in decision_owners. If auto_approved, then waiver requests are allowed to be created and when created they are immediately automatically approved by the system, recording who, when and why created the waiver request.
`decision_owners`	Array[string]	List of JFrog Access groups used by `waiver_request_config=manual`

Sample Request

GET /xray/api/v1/curation/policies/3

Sample Response

{
  "id": "3",
  "created_by": "admin",
  "updated_by": "admin",
  "created_at": "2025-03-12T14:00:41+02:00",
  "updated_at": "2025-03-12T14:00:41+02:00",
  "enabled": true,
  "name": "no malicious",
  "scope": "all_repos",
  "policy_action": "block",
  "condition_id": "1",
  "condition": {
    "id": "1",
    "is_custom": false,
    "created_at": "2023-08-01T03:00:00+03:00",
    "updated_at": "2023-08-01T03:00:00+03:00",
    "risk_type": "security",
    "supported_pkg_types": ["npm","PyPI","Maven","Go","NuGet","Conan","Gems","Gradle","HuggingFaceML","Docker"],
    "name": "Malicious package"
  },
  "waiver_request_config": "forbidden"

Response Codes:

Status	Description
200	OK
400	Bad request
404	Not found