Create a Policy

Publication: Application Security Policies
Edition date: 2023-01-23
Last publication: 2023-01-23T19:15:23.437089

Policies must include one or more of the following types of requirements to which an application must adhere: rules, evaluation timeframes, scan requirements, and remediation grace periods. You define the requirements while creating a new policy.

Before you begin:

You must have the Policy Administrator role to create policies.

You can also create a policy with the Policy API.

To complete this task:

  1. Go to Policies > Policies at the top of the Veracode Platform.

  2. Click Add New Policy.

  3. Enter the name of the new policy. This policy name appears in these locations:

    • Applications list

    • Application profile

    • Reports

    • Results from the Results and Archer APIs

  4. Enter a detailed description of the policy. This policy description appears in the application scan results report.

  5. Click the Use as Vendor Policy switch if you want to use this policy to calculate scan results that vendors share with you.

  6. Click Next.

  7. Add the rules, evaluation timeframe, grace periods, and custom severities that you want to include in the policy.

  8. Click Next.

  9. Select the scan requirement frequency for either all scan types or specific scan types.

  10. Click Finish.

Results:

After you successfully create the policy, the Veracode Platform displays a confirmation message.