Create a policy

Policies must include one or more of the following types of requirements to which an application must adhere: rules, evaluation timeframes, scan requirements, and remediation grace periods. You define the requirements while creating a new policy.

Before you begin:

You must have the Policy Administrator role to create policies.

You can also create a policy with the Policy API.

**To complete this task:**

  1. Go to Policies > Policies at the top of the Veracode Platform.

  2. Select Add New Policy.

  3. Enter the name of the new policy. This policy name appears in these locations:

    • Applications list

    • Application profile

    • Reports

    • Results from the Results and Archer APIs

  4. Enter a detailed description of the policy. This policy description appears in the application scan results report.

  5. Select the Use as Vendor Policy switch if you want to use this policy to calculate scan results that vendors share with you.

  6. Select Next.

  7. Add the rules, evaluation timeframe, grace periods, and custom severities that you want to include in the policy.

  8. Select Next.

  9. Select the scan requirement frequency for either all scan types or specific scan types.

  10. Select Finish.

Results:

After you successfully create the policy, the Veracode Platform displays a confirmation message.