List Curation Condition Templates

Description: Get condition templates with their parameters, from which custom conditions can be built.

Notes:Every custom condition is built using a single template identified by condition_template_id and some parameters. Each template lists the parameters that are allowed (or required) to use the template to create a custom condition. For example, to create a custom condition from the CVEName template, the cve_name parameter is required.

This API lists all the available templates and their parameters.

Since: 3.116.x

Security: Requires a valid user with the "VIEW_POLICIES" permission.

Usage: GET /xray/api/v1/curation/condition_templates

Consumes: None

Produces: application/json

Path Parameters: None

Query Parameters: None

Response Body

Name	Type	Description
`data`	Array[ConditionTemplate]	Object per supported condition template
`total_count`	integer	Total number of available condition templates

ConditionTemplate

Name	Type	Description
`condition_template_id`	string	Identifier of one of the condition templates.
`name`	string	Name of condition template.
`risk_type`	string	One of `Security`, `Operational` or `Legal`.
`supported_pkg_types`	Array[string]	List of package types that can be used with this condition template. Note that the created condition might only support some, not all of the package types.
`params`	Array[Param]	List of supported parameters for the condition template.

Param

Name	Type	Description
`param_id`	string	Identifier of the parameter for the template.
`is_optional`	boolean	Marks optional parameters. If not specified, the parameter is required.

Sample Response

{
  "data": [
    {
      "condition_template_id": "OpenSSF",
      "name": "Package OpenSSF scorecard score in a range",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle"],
      "params": [
        {
          "param_id": "list_of_scorecard_checks"
        },
        {
          "param_id": "block_in_case_check_value_is_missing"
        }
      ]
    },
    {
      "condition_template_id": "BannedLabels",
      "name": "Package assigned to a label that is banned",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle", "HuggingFaceML", "Docker"],
      "params": [
        {
          "param_id": "list_of_labels"
        }
      ]
    },
    {
      "condition_template_id": "AllowedLabels",
      "name": "Block package unless it has a label in allowed labels list",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle", "HuggingFaceML", "Docker"],
      "params": [
        {
          "param_id": "list_of_labels"
        }
      ]
    },
    {
      "condition_template_id": "SpecificVersions",
      "name": "Block specific package version",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle", "HuggingFaceML", "Docker"],
      "params": [
        {
          "param_id": "package_type"
        },
        {
          "param_id": "package_name"
        },
        {
          "param_id": "package_versions",
          "is_optional": true
        }
      ]
    },
    {
      "condition_template_id": "AllowedLicenses",
      "name": "Package license in allowed license list",
      "risk_type": "legal",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle", "HuggingFaceML"],
      "params": [
        {
          "param_id": "list_of_package_licenses"
        },
        {
          "param_id": "multiple_license_permissive_approach"
        }
      ]
    },
    {
      "condition_template_id": "BannedLicenses",
      "name": "Package license in banned license list",
      "risk_type": "legal",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle", "HuggingFaceML"],
      "params": [
        {
          "param_id": "list_of_package_licenses"
        },
        {
          "param_id": "multiple_license_permissive_approach"
        }
      ]
    },
    {
      "condition_template_id": "CVECVSSRange",
      "name": "Package has vulnerability with CVSS score in range {range}",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle"],
      "params": [
        {
          "param_id": "vulnerability_cvss_score_range"
        },
        {
          "param_id": "epss",
          "is_optional": true
        },
        {
          "param_id": "apply_only_if_fix_is_available",
          "is_optional": true
        },
        {
          "param_id": "do_not_apply_for_already_existing_vulnerabilities",
          "is_optional": true
        }
      ]
    },
    {
      "condition_template_id": "isImmature",
      "name": "Package version is immature",
      "risk_type": "operational",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle"],
      "params": [
        {
          "param_id": "package_age_days"
        },
        {
          "param_id": "vulnerability_cvss_score",
          "is_optional": true
        }
      ]
    },
    {
      "condition_template_id": "CVEName",
      "name": "Package is vulnerable to CVE {CVE-ID}",
      "risk_type": "security",
      "supported_pkg_types": ["npm", "PyPI", "Maven", "Go", "NuGet", "Conan", "Gems", "Gradle"],
      "params": [
        {
          "param_id": "cve_name"
        }
      ]
    }
  ],
  "total_count": 9
}

Parameter Explanation

Condition Template	Parameter	Required/Optional	Description
`condition_template_id: OpenSSF`
	`param_id: list_of_scorecard_checks`	Required	Array of objects, each object has two properties: `checkName` and `checkValuecheckValue` is a number between 0 and 10 (not inclusive). If `checkName` is “Aggregated score” then one decimal digit after the decimal place is allowed in `checkValue`, otherwise `checkValue` must be an integer. `checkName` must be one of the openSSF checks: "`Aggregated score`", "`Binary-Artifacts`", "`Branch-Protection`", "`CII-Best-Practices`", "`Code-Review`", "`Dangerous-Workflow`", "`Fuzzing`", "`License`", "`Maintained`", "`Packaging`", "`Pinned-Dependencies`", "`SAST`", "`Security-Policy`", "`Signed-Releases`", "`Token-Permissions`", "`Vulnerabilities`"
	`param_id: block_in_case_check_value_is_missing`	Required	Boolean, if set to true the condition would block a package if the package does not have a value for one of the checks used in the `list_of_scorecard_checks` in the condition.
`condition_template_id: BannedLabels and AllowedLabels`	`param_id: list_of_labels`	Required	Array of strings which must be labels in the customer’s catalog
`condition_template_id: SpecificVersions`
	`param_id: package_type`	Required	String, one of: "`npm`", "`PyPI`", "`Maven`", "`Go`", "`NuGet`", "`Conan`", "`Gems`", "`Gradle`", "`HuggingFaceML`", "`Docker`".
	`param_id: package_name`	Required	String, package name from Catalog.
	`param_id: package_versions`	Required	Array of objects. Exact list of versions to block those specific listed versions: `{"in": ["3.6.1", "3.7.1"]}` Greater than a version: `{"gt": "3.6.1"}` Greater than or equals a version: `{"gte": "3.6.1"}` Less than a version: `{"lt": "3.7.1"}` Less than or equals a version: `{"lte": "3.7.1"}` Range of versions (not inclusive): `{"gt": "3.6.1", "lt": "3.7.1"}` Range of versions (including start, not including end): `{"gte": "3.6.1", "lt": "3.7.1"}` Range of versions (not including start, including end): `{"gt": "3.6.1", "lte": "3.7.1"}` Range of versions (including start and end): `{"gte": "3.6.1", "lte": "3.7.1"}` All versions: `{"any": ""}`
`condition_template_id: AllowedLicenses`
	`param_id: list_of_package_licenses`	Required	Array of strings. Licences from Catalog.
	`param_id: multiple_license_permissive_approach`	Required	Boolean.If `true` then the behavior is: if at least one license of the package is allowed then allow the package, if no license is allowed then block the package. If `false` then the behavior is: if every license of the package is allowed then allow the package, if at least license of the package is not allowed then block the package.
`condition_template_id: BannedLicenses`
	`param_id: list_of_package_licenses`	Required	Array of strings. Licences from Catalog.
	`param_id: multiple_license_permissive_approach`	Required	Boolean. If `true` then the behavior is: if every license is banned then block the package. If `false` then the behavior is: if at least one license of the package is banned then block the package.
`condition_template_id: CVECVSSRange`
	`param_id: vulnerability_cvss_score_range`	Required	Array of exactly two numbers. Each number must be between 0 and 10 (not inclusive) and can have at most one decimal digit after the decimal point.
	`param_id: epss`	Optional	Object with two properties: `field_name` and `value`. `Field_name` must be a string, either “`score`” or “`percentile`”. `Value` must be a number. If `field_name` is “`score`” then `value` must be between `0` and `1` (not inclusive). If `field_name` is “`percentile`” then value must be between `0` and `100` (not inclusive).
	`param_id: apply_only_if_fix_is_available`	Optional	If t`rue` then the condition blocks a package only for vulnerabilities that have a fixed version.
	`param_id: do_not_apply_for_already_existing_vulnerabilities`	Optional	Default: `false` Boolean.
	`param_id: do_not_apply_for_already_existing_vulnerabilities`	Optional	Default: `false` Boolean. If `true`then the condition blocks a package only if the vulnerability is not found in other versions of the package already present in Artifactory cache for the remote repository.
`condition_template_id: isImmature`
	`param_id: package_age_days`	Required	A whole number between `0` and `100` (not inclusive). Minimum allowed age of package version in days.
	`param_id: vulnerability_cvss_score`	Optional	A number between `0` and `10` (not inclusive) with at most one decimal digit after the decimal point. If provided, if the package version is the fix version of a vulnerability with CVSS score at least as high as the value, the package version will not be blocked even if it is too new. This is to allow upgrading vulnerable versions of the package to non-vulnerable versions of the package, even if the fix has just been released and would otherwise be considered too new.
`condition_template_id: CVEName`	`param_id: cve_name`	Required	String of the form “`CVE-2025-12345`”. The name of a vulnerability from Catalog, which is linked in the Catalog to a package of a type supported by Curation.