Create Operational Risk Policy

JFrog Security Documentation

JFrog Xray
Content Type
User Guide

An Operational Risk Policy type includes rules that are based on the risk criteria determined by Xray. To create a Policy, do the following:

  1. In the Administration module, select Watches & Policies and from the Policies tab click New Policy.

  2. Select Policy type as Operational Risk, and click New Rule.

  3. Select the rule criteria. You can do one of the following:

    1. According to minimal risk level; low, medium or high.

    2. According to specific values of the sub-criteria under Custom Conditions. The Custom Conditions are based on the available Xray Operational Risk data. The relationship between the conditions is Or/And.


For more information on creating Policies, see Creating Xray Policies and Rules. After creating the Policy, you can proceed to attach it to a Watch, as described in Configuring Xray Watches.