Creating SCA Policy Rules

Application Security Policies

You can add policy rules that are specific to Software Composition Analysis (SCA) if you subscribe to this feature.

Adding SCA Rules

When you create a new policy, you can add rules that are specific to SCA.
  1. Go to the Software Composition Analysis Rules section.
  2. From the dropdown menu, select a type of SCA rule:
    Disallow Component Blacklist
    Automatically prevents an application from passing policy if a scan detects blacklisted components. Click Blacklist to see which components are on the blacklist.
    Disallow CVSS Score
    Automatically prevents an application from passing policy if a scan detects any vulnerability with the specified CVSS score or higher.
    Disallow Vulnerabilities by Severity
    Automatically prevents an application from passing policy if a scan detects any vulnerability with the specified severity or higher.
    Disallow Component by License Risk
    Automatically prevents an application from passing policy if a scan detects any license with the specified license risk rating.
  3. Click Add.

Select an SCA rule type.
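The four rule types above each turn a scan result into a pass/fail decision. The following is an added illustration of how such rules evaluate, written for this page; it is not the product's own policy engine. The rule and field names, the component and vulnerability records, the severity ordering used for "specified severity or higher", and all sample data (including the placeholder CVE identifiers) are assumptions constructed for the example.

```python
"""Added illustration of SCA policy rule evaluation (not the product's own code).

Assumed model: a policy holds one optional setting per SCA rule type, and a
scan produces a list of components, each with a license risk rating and zero
or more vulnerabilities. evaluate() returns every violation found; an empty
list means the application passes policy.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Assumed ordering of severity labels, lowest to highest, so that
# "Disallow Vulnerabilities by Severity" can mean "specified severity or higher".
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3, "Very High": 4}


@dataclass(frozen=True)
class Vulnerability:
    cve: str        # placeholder identifiers are used in the sample data below
    cvss: float
    severity: str   # one of the keys in SEVERITY_RANK


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license_risk: str                 # assumed ratings: "Low", "Medium", "High"
    vulns: Tuple[Vulnerability, ...] = ()


@dataclass
class ScaPolicy:
    # Disallow Component Blacklist: entries are "name" (any version) or "name@version".
    blacklist: Set[str] = field(default_factory=set)
    # Disallow CVSS Score: fail on any vulnerability with this score or higher.
    min_failing_cvss: Optional[float] = None
    # Disallow Vulnerabilities by Severity: fail on this severity or higher.
    min_failing_severity: Optional[str] = None
    # Disallow Component by License Risk: fail on any component with one of these ratings.
    disallowed_license_risks: Set[str] = field(default_factory=set)


def evaluate(policy: ScaPolicy, components: List[Component]) -> List[str]:
    """Apply every configured rule to every component; return the violations found."""
    violations: List[str] = []
    for c in components:
        key = f"{c.name}@{c.version}"
        if c.name in policy.blacklist or key in policy.blacklist:
            violations.append(f"blacklist: {key} is a blacklisted component")
        if c.license_risk in policy.disallowed_license_risks:
            violations.append(f"license: {key} has license risk {c.license_risk}")
        for v in c.vulns:
            if policy.min_failing_cvss is not None and v.cvss >= policy.min_failing_cvss:
                violations.append(f"cvss: {v.cve} in {key} scores {v.cvss}")
            if (policy.min_failing_severity is not None
                    and SEVERITY_RANK[v.severity] >= SEVERITY_RANK[policy.min_failing_severity]):
                violations.append(f"severity: {v.cve} in {key} is {v.severity}")
    return violations


def passes_policy(policy: ScaPolicy, components: List[Component]) -> bool:
    return not evaluate(policy, components)


def sample_components() -> List[Component]:
    """Constructed scan result; names and CVE numbers are placeholders, not real findings."""
    return [
        Component("example-lib", "1.2.3", "Low",
                  (Vulnerability("CVE-0000-00001", 9.8, "Very High"),)),
        Component("bad-lib", "0.9.0", "Low"),
        Component("copyleft-lib", "3.1.0", "High"),
        Component("fine-lib", "2.0.0", "Medium",
                  (Vulnerability("CVE-0000-00002", 5.3, "Medium"),)),
    ]


def sample_policy() -> ScaPolicy:
    """Constructed policy with all four SCA rule types configured."""
    return ScaPolicy(blacklist={"bad-lib"}, min_failing_cvss=7.0,
                     min_failing_severity="High", disallowed_license_risks={"High"})


if __name__ == "__main__":
    result = evaluate(sample_policy(), sample_components())
    print("PASS" if not result else "FAIL")
    for line in result:
        print(" -", line)
```

Running the block evaluates the constructed scan against the constructed policy and lists four violations: the high-CVSS vulnerability trips both the CVSS and the severity rule, the blacklisted component trips the blacklist rule, and the high-risk license trips the license rule; `fine-lib` stays below every threshold. Because each rule is independent, a single finding can produce more than one violation, which is worth keeping in mind when reading policy results.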