Policies must include one or more of the following types of requirements to which an application must adhere: rules, evaluation timeframes, scan requirements, and remediation grace periods. You define the requirements while creating a new policy.
Before you begin:
You must have the Policy Administrator role to create policies.
You can also create a policy with the Policy API.
To complete this task:
1. Go to Policies > Policies at the top of the Veracode Platform.
2. Select Add New Policy.
3. Enter the name of the new policy. This policy name appears in these locations:
   - Results from the Results and Archer APIs
4. Enter a detailed description of the policy. This policy description appears in the application scan results report.
5. Select the Use as Vendor Policy switch if you want to use this policy to calculate scan results that vendors share with you.
6. Select the scan requirement frequency for either all scan types or specific scan types.
After you successfully create the policy, the Veracode Platform displays a confirmation message.