This use case scenario provides the Policy REST API command and payload for creating a security policy.
Use this command to create a policy:
http --auth-type=veracode_hmac POST "https://api.veracode.com/appsec/v1/policies" < policy.json
The command passes the JSON file that you populate with the necessary values, as shown in this example:
{
  "name": "TestPolicy",
  "type": "CUSTOMER",
  "description": "Policy to test create endpoint in end-to-end testing",
  "vendor_policy": false,
  "finding_rules": [
    {
      "type": "MAX_SEVERITY",
      "scan_type": [ "DYNAMIC", "MANUAL", "STATIC" ],
      "value": "3"
    },
    {
      "type": "BLACKLIST",
      "scan_type": [ "SCA" ],
      "value": "14212"
    }
  ]
}
The example payload creates a policy with two policy rules:
- A MAX_SEVERITY rule that applies a finding-severity rating of 3 to all dynamic analysis, manual testing, and static analysis scans.
- A BLACKLIST rule that applies the blocklist for the organization, based on the organization ID, to all SCA scans.
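The following is an added example, not part of the original documentation: a local pre-flight check to run on policy.json before sending it. It rejects repeated keys, which is what a rule left outside the finding_rules array produces, and checks that each rule carries the three fields used in the example above. The required-field set and the names check_policy and BAD are assumptions made for this example, not the Policy API schema.

```python
import json

# Assumption: rule fields come from the example payload on this page, not the API schema.
RULE_FIELDS = {"type", "scan_type", "value"}

# Constructed sample: the second rule's keys sit outside finding_rules.
BAD = """{"name": "TestPolicy", "type": "CUSTOMER",
  "finding_rules": [{"type": "MAX_SEVERITY", "scan_type": ["STATIC"], "value": "3"}],
  "type": "BLACKLIST", "scan_type": ["SCA"], "value": "14212"}"""

class DuplicateKeyError(ValueError):
    """Raised when one JSON object repeats a key."""

def _no_duplicates(pairs):
    # json.loads silently keeps the last value of a repeated key; fail instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def check_policy(text):
    """Return a list of problems in a policy payload; an empty list means it passed."""
    try:
        policy = json.loads(text, object_pairs_hook=_no_duplicates)
    except DuplicateKeyError as exc:
        return [str(exc)]
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["payload must be a JSON object"]
    problems = []
    stray = sorted({"scan_type", "value"} & policy.keys())
    if stray:  # rule-only keys at the top level: a rule fell outside the array
        problems.append(f"rule fields at top level: {stray}")
    rules = policy.get("finding_rules", [])
    if not isinstance(rules, list):
        return problems + ["finding_rules must be an array"]
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append(f"finding_rules[{i}] is not an object")
        elif RULE_FIELDS - rule.keys():
            problems.append(f"finding_rules[{i}] missing {sorted(RULE_FIELDS - rule.keys())}")
        elif not isinstance(rule["scan_type"], list):
            problems.append(f"finding_rules[{i}].scan_type must be an array")
    return problems
```

Without the duplicate-key hook, the BAD sample parses cleanly and its top-level "type" becomes "BLACKLIST", so the mistake would not surface until the policy is reviewed.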