In the Administration module, select Watches & Policies and from the Policies tab click New Policy.
Select the policy rule type and configure the rule.
Security: Lets you create a set of rules around security vulnerabilities. Choose how you want Xray to respond to each vulnerability severity.
License: Lets you create a set of rules around allowed/banned sets of licenses.
Operational Risk: Lets you create a set of rules about the operational risk of using open source software components. For more information, see Components Operational Risk.
Set the priority in which rules are processed. Drag and drop the rules to place them according to their priority.
Set the Rule Criteria.
If the criteria is met, then the automatic actions of this rule are executed and the policy is considered as processed (no further rules will be checked).
Set automatic actions to run if a criteria is met.