Creating a Policy with the REST API

This use case scenario provides the Policy REST API command and payload for creating a security policy.

Use this command to create a policy:
http --auth-type=veracode_hmac POST "https://api.veracode.com/appsec/v1/policies" < policy.json
The command passes the JSON file, which you populate with the necessary values, as shown in this example:
{
        "name": "TestPolicy",
        "type": "CUSTOMER",
        "description": "Policy to test create endpoint in end-to-end testing",
        "vendor_policy": false,
        "finding_rules": [
          {
             "type": "MAX_SEVERITY",
             "scan_type": [
                  "DYNAMIC",
                  "MANUAL",
                  "STATIC"
             ],
             "value": "3"
          },
          {
             "type": "BLACKLIST",
             "scan_type": [
                  "SCA"
             ],
             "value": "14212"
          }
        ]
}
The example payload creates a policy with two policy rules:
  • A MAX_SEVERITY rule that applies a finding-severity rating of 3 to all dynamic analysis, manual testing, and static analysis scans.
  • A BLACKLIST rule that applies the blocklist for the organization, based on the organization ID, to all SCA scans.
Policy API Rules Properties describes each of the rule properties.
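
A pre-flight check for policy.json before it is sent with the command above, added here as an example and not Veracode's own code. It rejects duplicate keys, which most JSON parsers silently resolve by keeping the last value, and rule fields placed outside finding_rules. The function names and checks are assumptions based only on the fields shown in this example, not on the full API schema.

```python
import json
import sys

# Rule fields as they appear in this page's example (assumed, not the full schema).
RULE_KEYS = {"type", "scan_type", "value"}

def _no_duplicates(pairs):
    """object_pairs_hook that fails on a repeated key instead of keeping the last."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def check_policy(text):
    """Return a list of problems in a policy payload; an empty list means none."""
    try:
        policy = json.loads(text, object_pairs_hook=_no_duplicates)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return [f"invalid JSON: {exc}"]
    if not isinstance(policy, dict):
        return ["payload must be a JSON object"]
    # scan_type or value at the top level means a rule sits outside finding_rules.
    problems = [f"rule field {k!r} outside finding_rules"
                for k in ("scan_type", "value") if k in policy]
    rules = policy.get("finding_rules", [])
    if not isinstance(rules, list):
        return problems + ["finding_rules must be a list"]
    for i, rule in enumerate(rules):
        missing = RULE_KEYS - set(rule) if isinstance(rule, dict) else RULE_KEYS
        if missing:
            problems.append(f"finding_rules[{i}] is missing {sorted(missing)}")
    return problems

# Constructed samples: one well-formed payload, one with a rule left outside the array.
GOOD = """{"name": "TestPolicy", "type": "CUSTOMER", "finding_rules": [
  {"type": "MAX_SEVERITY", "scan_type": ["STATIC"], "value": "3"}]}"""
BAD = """{"name": "TestPolicy", "type": "CUSTOMER", "finding_rules": [
  {"type": "MAX_SEVERITY", "scan_type": ["STATIC"], "value": "3"}],
  "type": "BLACKLIST", "scan_type": ["SCA"], "value": "14212"}"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD
    found = check_policy(text)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

Run it with the path to policy.json as the only argument; a non-zero exit status means the payload should not be posted as is.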