Manage custom security policies

Create custom policies and configure them to meet the specific security requirements for your applications. Veracode provides built-in policies that you can assign to your applications. You can't change the built-in policies, but you can copy them to create custom policies, and then configure the copies.

You can also manage policies with the Policy API.

Prerequisites

To manage custom policies, your account must have the Policy Administrator role.

Create a custom policy

Policies must include one or more constraints that define the security requirements that scanned applications must meet to pass the policy.

To complete this task:

  1. In the Veracode Platform, select Policies > Policies.

  2. Select Add New Policy.

  3. Enter the name of the new policy. This policy name appears in these locations:

    • Applications list
    • Application profile
    • Reports
    • Results from the Results and Archer APIs

  4. Enter a detailed description of the policy. This policy description appears in the application scan results report.

  5. Optionally, to use this policy to calculate scan results that vendors share with you, select Use as Vendor Policy.

  6. Select Next.

  7. Add the policy constraints that you want to include in the policy.

  8. Select Next.

  9. Select the scan requirement frequency for either all scan types or specific scan types.

  10. Select Finish.

After you successfully create the policy, the Veracode Platform displays a confirmation message.
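As an added example that is not part of this Veracode page: a Python script that assembles the same policy the wizard builds (name, description, vendor-policy flag, constraints, scan frequency) and posts it to the Policy API, rejecting a policy with no constraints before it leaves the client. The endpoint, field names (finding_rules, scan_frequency_rules, vendor_policy) and enum values are assumptions from the author's reading of the Policy API and must be checked against the API specification; the requests and veracode-api-signing packages are assumed installed.

```python
import json
from typing import Any

# Assumed endpoint; confirm against the current Policy API reference.
POLICY_API_URL = "https://api.veracode.com/appsec/v1/policies"


def build_policy(name: str, description: str, finding_rules: list[dict[str, Any]],
                 scan_frequency_rules: list[dict[str, Any]],
                 vendor_policy: bool = False) -> dict[str, Any]:
    """Assemble a policy body mirroring the Add New Policy wizard.

    name/description are steps 3-4, vendor_policy is step 5, finding_rules
    are the constraints of step 7, scan_frequency_rules are step 9. Field
    and enum names are assumptions. Raises ValueError on input the platform
    would reject, so mistakes surface before any API round trip.
    """
    if not name.strip():
        raise ValueError("policy name is required")
    if not finding_rules:  # the docs: a policy needs one or more constraints
        raise ValueError("a policy must include one or more constraints")
    for rule in finding_rules:
        if "type" not in rule or "scan_type" not in rule:
            raise ValueError(f"finding rule missing type or scan_type: {rule}")
    for rule in scan_frequency_rules:
        if "frequency" not in rule or "scan_type" not in rule:
            raise ValueError(f"scan frequency rule is incomplete: {rule}")
    return {"name": name.strip(), "description": description,
            "vendor_policy": vendor_policy, "finding_rules": finding_rules,
            "scan_frequency_rules": scan_frequency_rules}


def submit_policy(policy: dict[str, Any]) -> dict[str, Any]:
    """POST the policy with Veracode HMAC credentials (Policy Administrator role)."""
    # Imported here so build_policy stays usable without these packages.
    import requests
    from veracode_api_signing.plugin_hmac import RequestsAuthPluginVeracodeHMAC
    resp = requests.post(POLICY_API_URL, auth=RequestsAuthPluginVeracodeHMAC(),
                         headers={"Content-Type": "application/json"},
                         data=json.dumps(policy), timeout=30)
    resp.raise_for_status()
    return resp.json()


if __name__ == "__main__":
    # Constructed sample: score >= 90 on static and dynamic results, static scan monthly.
    print(json.dumps(build_policy(
        "Internal web apps", "Score >= 90; monthly static scans.",
        [{"type": "MIN_SCORE", "scan_type": ["STATIC", "DYNAMIC"], "value": "90"}],
        [{"frequency": "MONTHLY", "scan_type": "STATIC"}]), indent=2))
```

Call submit_policy(body) with the returned dict once the credentials file for the HMAC plugin is in place; the editing and deleting procedures below map to the same resource with other HTTP methods.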

Create a custom policy from an existing policy

If you want to create a new policy that is similar to an existing policy, you can copy that policy and make the changes you want. Copying a policy can simplify the process of creating a new policy.

To complete this task:

  1. In the Veracode Platform, select Policies > Policies.
  2. Find the policy you want to copy from the Policies table.
  3. Select the Actions menu and select Copy Policy.
  4. Edit the policy name and description and select Next.
  5. Add, delete, or edit any of the policy constraints and select Next.
  6. Make any necessary changes to the scan requirements and select Finish. The new policy is available in the Veracode Platform.

Edit a custom policy

You can edit a custom policy at any time. If you edit a policy that is assigned to any applications, Veracode automatically re-evaluates the applications against the updated policy.

To complete this task:

  1. In the Veracode Platform, select Policies > Policies.
  2. Find the policy you want to edit from the Policies table.
  3. Select the Actions menu and select Edit Policy.
  4. Make any necessary changes to the policy name or description and select Next.
  5. Add, delete, or edit any of the policy constraints and select Next.
  6. Make any necessary changes to the scan requirements and select Finish.

After you successfully edit the policy, the Veracode Platform displays a confirmation message and sends an email to members of the team associated with any applications to which the policy is assigned.

Delete a custom policy

You can delete any custom policy, but you cannot delete the built-in policies.

To complete this task:

  1. In the Veracode Platform, select Policies > Policies.
  2. Find the policy you want to delete from the Policies table.
  3. Select Actions > Delete Policy.
  4. If the policy is assigned to any applications, select another policy from the Select New Policy dropdown menu to replace it, and select Next.
  5. Select Delete.