Description: Get policies, with pagination and filtering. The condition of each policy is inlined for convenience.
Since: 3.116.x
Security: Requires a valid user with the "VIEW_POLICIES" permission.
Usage: GET /xray/api/v1/curation/policies
Consumes: None
Produces: application/json
Path Parameters: None
Query Parameters:
Parameters:
Parameter | Type | Mandatory/Optional | Default Value | Description |
---|---|---|---|---|
order_by | string | optional | | Field used for sorting. One of: “ |
direction | string | optional | | Sorting direction. One of “ |
num_of_rows | number | optional | | Number of rows in the response. |
page_num | number | optional | | The number of the page in pagination. |
| number | optional | | Alternative to page number, pagination offset. |
| string | optional | n/a | Filter by name of policy |
policy_action | string | optional | n/a | Filter by action of policy. Either |
enabled | boolean | optional | n/a | Filter by whether policy is enabled or not. Either |
| number | optional | n/a | Filter by condition used by the policy. |
Response Body
Name | Type | Description |
---|---|---|
data | Array[Policy] | Array of policy objects |
meta | PaginationMeta | Pagination metadata |
PaginationMeta
Name | Type | Description |
---|---|---|
total_count | integer | Total number of objects that fit the filter (if any), possibly more than fit in a page |
result_count | integer | Count of objects in this result page |
order_by | string | Echo of request sorting key (or default sorting key) |
direction | string | Echo of request sorting direction (or default sorting direction) |
num_of_rows | integer | Echo of request number of objects per page (or default value) |
page_num | integer | Echo of request page number (or default value) |
Policy
Name | Type | Description |
---|---|---|
id | string | ID of the policy, used in path parameters to update or delete the policy. |
created_by | string | Username of user who created the policy |
updated_by | string | Username of user who updated the policy |
created_at | string | Timestamp when policy was created |
updated_at | string | Timestamp when policy was updated |
enabled | Boolean | Automatically set to true when policy is created. Automatically set to false if something makes the policy’s effective scope empty, for example the only repo the policy can cover is deleted. Can be set to true when updating the policy if the effective scope is not empty when updating the policy. |
name | string | Name of policy |
scope | string | One of: |
| Used with scope= | |
| Used with scope= | |
| Used with scope= | |
policy_action | string | One of: Dry run policies only accumulate audit logs, they don’t block packages from being downloaded. |
condition_id | string | The ID of the condition used by the policy. |
condition | Condition | The condition used by the policy, selected by |
waivers | Array[PackageWaiver] | List of package waivers |
label_waivers | Array[LabelWaiver] | List of label waivers |
notify_emails | Array[string] | List of email addresses that receive notification when the policy causes a package to be blocked |
waiver_request_config | string | One of: forbidden, If forbidden, waiver requests cannot be created for the policy. If manual, then waiver requests can be created for the policy, and must be approved by users from the JFrog Access groups listed in decision_owners. If auto_approved, then waiver requests are allowed to be created and when created they are immediately automatically approved by the system, recording who, when and why created the waiver request. |
decision_owners | Array[string] | List of JFrog Access groups used by |
Condition
Name | Type | Description |
---|---|---|
id | string | The ID of the condition, used as path parameter when updating or deleting the condition and when referring to it in a policy. |
| string | One of the IDs of the supported condition templates returned by the list condition templates API |
name | string | The name of the condition |
is_custom | Boolean | false for built-in immutable conditions, true for mutable user created custom conditions |
created_at | string | Timestamp when the condition was created |
updated_at | string | Timestamp when the condition was updated |
| One of: | |
| One of: " | |
| Array[ParamWithValue] | Array of parameter values. |
PackageWaiver
Name | Type | Description |
---|---|---|
id | string | ID of this package waiver. Needs to be sent in PUT request when modifying the policy to keep the waiver. |
pkg_type | string | Package type. One of: " Additional package types will be added. |
pkg_name | string | Name of package from Catalog |
all_versions | Boolean | Set to true to indicate all versions |
pkg_versions | Array[string] | List of specific versions of the package from the Catalog |
justification | string | A way to document why the waiver was created |
created_by | string | Username of user who created the waiver |
created_at | string | Timestamp when waiver was created |
LabelWaiver
Name | Type | Description |
---|---|---|
id | string | ID of this label waiver. Needs to be sent in PUT request when modifying the policy to keep the waiver. |
label | string | A label from the custom Catalog. |
justification | string | A way to document why the waiver was created |
created_by | string | Username of user who created the waiver |
created_at | string | Timestamp when waiver was created |
Sample Request
GET /xray/api/v1/curation/policies?enabled=true&policy_action=block&order_by=updated_at&direction=asc&num_of_rows=100&page_num=1
Sample Response
```json
{
  "data": [
    {
      "id": "11",
      "created_by": "admin",
      "updated_by": "admin",
      "created_at": "2025-03-12T16:26:10+02:00",
      "updated_at": "2025-03-12T16:26:10+02:00",
      "enabled": true,
      "name": "no mal all repos",
      "scope": "all_repos",
      "policy_action": "block",
      "condition_id": "1",
      "condition": {
        "id": "1",
        "is_custom": false,
        "created_at": "2023-08-01T03:00:00+03:00",
        "updated_at": "2023-08-01T03:00:00+03:00",
        "risk_type": "security",
        "supported_pkg_types": ["npm","PyPI","Maven","Go","NuGet","Conan","Gems","Gradle","HuggingFaceML","Docker"],
        "name": "Malicious package"
      },
      "waivers": [
        {
          "id": "1",
          "pkg_type": "npm",
          "pkg_name": "jquery",
          "all_versions": false,
          "pkg_versions": ["3.7.1"],
          "justification": "this is just an example",
          "created_by": "admin",
          "created_at": "2025-03-12T16:34:16+02:00"
        },
        {
          "id": "2",
          "pkg_type": "npm",
          "pkg_name": "jquery",
          "all_versions": true,
          "justification": "another example",
          "created_by": "admin",
          "created_at": "2025-03-12T16:51:21+02:00"
        }
      ],
      "label_waivers": [
        {
          "id": "1",
          "label": "Manual",
          "justification": "because it's manually approved",
          "created_by": "admin",
          "created_at": "2025-03-12T16:44:48+02:00"
        }
      ],
      "notify_emails": [ "someone@example.com" ],
      "decision_owners": [ "deciders" ],
      "waiver_request_config": "manual"
    },
    {
      "id": "12",
      "created_by": "admin",
      "updated_by": "admin",
      "created_at": "2025-03-12T16:28:15+02:00",
      "updated_at": "2025-03-12T16:28:15+02:00",
      "enabled": true,
      "name": "no mal npm",
      "scope": "pkg_types",
      "policy_action": "block",
      "condition_id": "1",
      "condition": {
        "id": "1",
        "is_custom": false,
        "created_at": "2023-08-01T03:00:00+03:00",
        "updated_at": "2023-08-01T03:00:00+03:00",
        "risk_type": "security",
        "supported_pkg_types": ["npm","PyPI","Maven","Go","NuGet","Conan","Gems","Gradle","HuggingFaceML","Docker"],
        "name": "Malicious package"
      },
      "pkg_types_include": [ "npm" ],
      "waiver_request_config": "forbidden"
    },
    {
      "id": "13",
      "created_by": "admin",
      "updated_by": "admin",
      "created_at": "2025-03-12T16:28:34+02:00",
      "updated_at": "2025-03-12T16:28:34+02:00",
      "enabled": true,
      "name": "no mal one repo",
      "scope": "specific_repos",
      "policy_action": "block",
      "condition_id": "1",
      "condition": {
        "id": "1",
        "is_custom": false,
        "created_at": "2023-08-01T03:00:00+03:00",
        "updated_at": "2023-08-01T03:00:00+03:00",
        "risk_type": "security",
        "supported_pkg_types": ["npm","PyPI","Maven","Go","NuGet","Conan","Gems","Gradle","HuggingFaceML","Docker"],
        "name": "Malicious package"
      },
      "repo_include": [ "remote-npm-repo" ],
      "waiver_request_config": "forbidden"
    },
    {
      "id": "14",
      "created_by": "admin",
      "updated_by": "admin",
      "created_at": "2025-03-12T16:28:57+02:00",
      "updated_at": "2025-03-12T16:28:57+02:00",
      "enabled": true,
      "name": "no mal excluding a repo",
      "scope": "all_repos",
      "policy_action": "block",
      "condition_id": "1",
      "condition": {
        "id": "1",
        "is_custom": false,
        "created_at": "2023-08-01T03:00:00+03:00",
        "updated_at": "2023-08-01T03:00:00+03:00",
        "risk_type": "security",
        "supported_pkg_types": ["npm","PyPI","Maven","Go","NuGet","Conan","Gems","Gradle","HuggingFaceML","Docker"],
        "name": "Malicious package"
      },
      "repo_exclude": [ "remote-npm-no-curation" ],
      "waiver_request_config": "forbidden"
    }
  ],
  "meta": {
    "total_count": 4,
    "result_count": 4,
    "order_by": "updated_at",
    "direction": "asc",
    "num_of_rows": 100,
    "page_num": 1
  }
}
```
Response Codes:
Status | Description |
---|---|
200 | OK |
400 | Bad request |
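The following is an added example, not part of the JFrog documentation: it pages through the response using `meta.total_count` and `meta.result_count`, then flags policies whose waivers, exclusions or state reduce what they actually enforce. The `fetch_page` callable, the 1-based page numbering and the constructed `PAGES` data are assumptions; in practice `fetch_page` would issue the authenticated GET request shown above.

```python
from typing import Callable, Iterator

def iter_policies(fetch_page: Callable[[int], dict]) -> Iterator[dict]:
    """Yield every policy across pages, stopping once meta.total_count is reached."""
    page_num, seen = 1, 0  # assumption: pages are 1-based, as in the sample request
    while True:
        body = fetch_page(page_num)
        yield from body["data"]
        meta = body["meta"]
        seen += meta["result_count"]
        if meta["result_count"] == 0 or seen >= meta["total_count"]:
            return
        page_num += 1

def audit_policy(p: dict) -> list:
    """Return reasons a policy may enforce less than its name suggests."""
    findings = []
    if not p.get("enabled"):
        findings.append("disabled")
    if p.get("policy_action") != "block":
        findings.append("does not block downloads")
    if p.get("waiver_request_config") == "auto_approved":
        findings.append("waiver requests are auto-approved")
    for w in p.get("waivers", []):
        if w.get("all_versions"):
            findings.append(f"waiver for all versions of {w['pkg_type']}/{w['pkg_name']}")
    if p.get("repo_exclude"):
        findings.append("excludes repos: " + ", ".join(p["repo_exclude"]))
    return findings

def run_audit(fetch_page: Callable[[int], dict]) -> dict:
    """Map policy name -> findings, for policies with at least one finding."""
    return {p["name"]: f for p in iter_policies(fetch_page) if (f := audit_policy(p))}

# Constructed two-page response (num_of_rows=2), trimmed to the fields the audit reads.
def _meta(count: int, page: int) -> dict:
    return {"total_count": 3, "result_count": count, "num_of_rows": 2, "page_num": page}

PAGES = {
    1: {"data": [
        {"name": "no mal all repos", "enabled": True, "policy_action": "block",
         "waiver_request_config": "manual",
         "waivers": [{"pkg_type": "npm", "pkg_name": "jquery", "all_versions": True}]},
        {"name": "no mal npm", "enabled": True, "policy_action": "block",
         "waiver_request_config": "forbidden"}], "meta": _meta(2, 1)},
    2: {"data": [
        {"name": "no mal excluding a repo", "enabled": False, "policy_action": "block",
         "waiver_request_config": "auto_approved",
         "repo_exclude": ["remote-npm-no-curation"]}], "meta": _meta(1, 2)},
}
```

Calling `run_audit(PAGES.__getitem__)` runs the audit over the constructed pages.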