Create a Policy

Application Security Policies

A policy must include one or more of the following types of requirements, which an application must meet to comply with the policy: rules, evaluation timeframes, scan requirements, and remediation grace periods. You define these requirements when you create the policy.

Before You Begin

You must have the Policy Administrator role to create policies.

Overview

You can also create a policy with the Policy API.

Steps

  1. Go to Policies > Policies at the top of the Veracode Platform.

  2. Click Add New Policy.

  3. Enter the name of the new policy. This policy name appears in these locations:

    • Applications list

    • Application profile

    • Reports

    • Results from the Results and Archer APIs

  4. Enter a detailed description of the policy. This policy description appears in the application scan results report.

  5. Click the Use as Vendor Policy switch if you want to use this policy to calculate scan results that vendors share with you.

  6. Click Next.

  7. Add the rules, evaluation timeframe, grace periods, and custom severities that you want to include in the policy.

  8. Click Next.

  9. Select the scan requirement frequency for either all scan types or specific scan types.

  10. Click Finish.

Results

After you successfully create the policy, the Veracode Platform displays a confirmation message.