Create a Git Repository Policy

JFrog Security User Guide

This is a step-by-step guide to creating a Git Repository Policy in Xray. To learn more about Policies, click here.

Info

For self-hosted, available from version 3.111 and above.

  1. Navigate to Xray → Watches & Policies.
  2. Click New Policy.
  3. Enter a Policy Name (e.g., "Production Security Policy").
  4. (Optional) Add a Description explaining the policy’s purpose.
  5. Choose the Policy Type:
    • Security Policy – Detects vulnerabilities in Git repositories.
    • Licences Policy
  6. Under the Policy Rules List tab, click on Create New Rule.
    The Create New Policy Rule window opens.
  7. Enter a Rule Name.
  8. From the Rule type dropdown, select:
    • SAST
    • CVEs
    • Exposures (Secrets only)
  9. From the Select minimal severity dropdown, select the severity level to trigger the rule.
  10. Click Save Rule to create the new rule.
  11. To attach the Policy to a Watch (that is already assigned to a Git Repository), select the Apply on Scope tab.
    Policies are enforced through Watches, which monitor Git repositories.
  12. Select an existing Watch.
  13. Click Save & Apply.