Creating a Policy with the REST API

Veracode APIs

Use this command to create a policy:

http --auth-type=veracode_hmac POST “https://api.veracode.com/appsec/v1/policies” < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
  "name": "TestPolicy",
  "type": "BLACKLIST",
  "description": "Policy to test create endpoint in end-to-end testing",
  "vendor_policy": false,
  "finding_rules": [
    {
      "type": "MAX_SEVERITY",
      "scan_type": [
        "DYNAMIC",
        "MANUAL",
        "STATIC"
      ],
      "value": "3"
    }
  ],
  "scan_type": [
    "SCA"
  ],
  "value": "14212"
}      

The example payload specifies to create a policy with two policy rules:

  • MAX_SEVERITY rule that specifies to apply a finding-severity rating of 3 to all dynamic analysis, manual testing, and static analysis scans.
  • BLACKLIST rule that specifies to apply the blocklist for the organization, based on the organization ID, to all SCA scans.

Policy API Rules Properties describes each of the rule properties.