Create a policy with the REST API

Send the following request to create a policy:

http --auth-type=veracode_hmac POST "https://api.veracode.com/appsec/v1/policies" < input.json

The request sends the JSON file, input.json, which you populate with the necessary values, as shown in this example payload:

{
  "name": "TestPolicy",
  "type": "BLACKLIST",
  "description": "Policy to test create endpoint in end-to-end testing",
  "vendor_policy": false,
  "finding_rules": [
    {
      "type": "MAX_SEVERITY",
      "scan_type": [
        "DYNAMIC",
        "MANUAL",
        "STATIC"
      ],
      "value": "3"
    }
  ],
  "scan_type": [
    "SCA"
  ],
  "value": "14212"
}

The example payload creates a policy with two policy rules:

  • A MAX_SEVERITY rule that applies a finding-severity rating of 3 to all dynamic analysis, manual testing, and static analysis scans.
  • A BLACKLIST rule that applies the blocklist for the organization, based on the organization ID, to all SCA scans.

The Policy API rules properties topic describes each of the rule properties.
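
A pre-flight check for input.json before it is sent, as an added example that is not Veracode's code: it lints each finding_rules entry and reports which scan types no finding rule applies to. The function names, the KNOWN_SCAN_TYPES set, and the field checks are assumptions drawn from the example payload on this page, not from the API's schema.

```python
import json
import sys

# Constructed sample, modelled on the MAX_SEVERITY rule in the example payload.
SAMPLE = """{"name": "TestPolicy", "finding_rules": [
  {"type": "MAX_SEVERITY", "scan_type": ["DYNAMIC", "MANUAL", "STATIC"], "value": "3"}
]}"""
# Assumption: only the scan types that appear on this page, not the API's full list.
KNOWN_SCAN_TYPES = {"DYNAMIC", "MANUAL", "STATIC", "SCA"}

def lint_policy(text):
    """Return (problems, coverage); coverage maps scan type -> rule types."""
    problems, coverage = [], {}
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"], coverage
    rules = policy.get("finding_rules", []) if isinstance(policy, dict) else None
    if not isinstance(rules, list):
        return ["expected a JSON object whose finding_rules is a list"], coverage
    for i, rule in enumerate(rules):
        where = f"finding_rules[{i}]"
        if not isinstance(rule, dict):
            problems.append(f"{where} must be an object")
            continue
        rtype, scans = rule.get("type"), rule.get("scan_type")
        if not isinstance(rtype, str):
            problems.append(f"{where}.type must be a string")
        # Assumption from the example payload, which quotes the value ("3").
        if not isinstance(rule.get("value"), str):
            problems.append(f"{where}.value is not a quoted string")
        if not isinstance(scans, list) or not scans:
            problems.append(f"{where}.scan_type must be a non-empty list")
            continue
        for scan in scans:
            if not isinstance(scan, str) or scan not in KNOWN_SCAN_TYPES:
                problems.append(f"{where}.scan_type has unknown value {scan!r}")
            elif isinstance(rtype, str):
                coverage.setdefault(scan, []).append(rtype)
    return problems, coverage

def uncovered_scan_types(coverage):
    return sorted(KNOWN_SCAN_TYPES - set(coverage))  # scan types no rule applies to

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    problems, coverage = lint_policy(text)
    print("problems:", problems or "none", "| no rule for:", uncovered_scan_types(coverage))
    sys.exit(1 if problems else 0)
```

Run it with the path to input.json as the only argument; a non-zero exit status means the file should not be posted as is.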