This table defines the available fields for building policy scopes that target specific assets.
Pretty Name (FIELD_PRETTY_NAME)
Field Name (SEARCH_FIELD)
Data Type (DATA_TYPE)
Allowed (SEARCH_TYPE) Values
Possible search values (SEARCH_VALUE)
Description
Relevant Finding Types
Application Business Criticality
application_business_criticality
ENUM
EQ, NEQ
CRITICAL, HIGH, MEDIUM, LOW
The criticality level of the application.
All
Application Business Owner
application_business_owner
STRING
CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST
(No predefined list)
The owner's identifier for the business application.
All
Asset Type
asset_type_name
ENUM
EQ, NEQ
BUILD_IMAGE, BUSINESS_APPLICATION, BUSINESS_APPLICATION, CIRCLE_CI_REPOSITORY, ORTEX_CLI_REPOSITORY, GITHUB_ACTIONS_REPOSITORY, GITHUB_ENTERPRISE_REPOSITORY, GITHUB_REPOSITORY, GITLAB_REPOSITORY, GITLAB_SELF_MANAGED_REPOSITORY, GOOGLE_CLOUD_REPOSITORY, HCP_TFC_RUN_TASKS_REPOSITORY, HCP_TFE_RUN_TASKS_REPOSITORY, JENKINS_REPOSITORY, REGISTRY_IMAGE
The type of asset being evaluated, such as a repository, build image, or registry image.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Asset Type
asset_type_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The type of asset being evaluated, specified as a free-text string.
CICD_RISKS
Business Application Names
business_application_names
STRING
ARRAY_CONTAINS, ARRAY_NOT_CONTAINS, NIS_EMPTY
(No predefined list)
Filter by the names of the business applications.
All
Category
category
ENUM
EQ, NEQ
APPLICATION, CONTAINER_IMAGE, REPOSITORY, CICD_INSTANCE, CICD_PIPELINE, VCS_COLLABORATOR, VCS_ORGANIZATION
The asset type categories to include.
All
CI/CD Instance Id
cicd_instance_id
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The unique identifier of the CI/CD instance
CICD_RISKS
CI/CD Instance Name
cicd_instance_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The name of the CI/CD instance.
CICD_RISKS
CI/CD Pipeline Id
cicd_pipeline_id
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The unique identifier of the CI/CD pipeline
CICD_RISKS
CI/CD Pipeline Name
cicd_pipeline_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The name of the CI/CD pipeline
CICD_RISKS
Cloud Account
cloud_account
STRING
EQ, NEQ, CONTAINS
(No predefined list)
Filter by the cloud account names
DRIFT
Cloud Region
cloud_region
STRING
EQ, NEQ, CONTAINS
(No predefined list)
Filter by the cloud region
DRIFT
Has Deployed Assets
has_deployed_assets
BOOLEAN
EQ, NEQ
true, false
Whether the repository has any deployed components.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT
Has deployed assets with Access to sensitive data
has_access_sensitive_data
BOOLEAN
EQ, NEQ
true, false
Whether deployed assets have access to sensitive data stores.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT
Has deployed assets with privileged capabilities
has_leverage_privileged_capabilities
BOOLEAN
EQ, NEQ
true, false
Whether deployed assets have privileged execution capabilities.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT
Has Internet-exposed deployed assets
has_internet_exposed
BOOLEAN
EQ, NEQ
true, false
Whether the deployed components are exposed to the internet.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT
Image Architecture
image_architecture
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The CPU architecture of the container image
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Image Names
image_names
STRING
CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST
(No predefined list)
Filter by the names of Registry images
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Is Public Repository
is_public_repository
BOOLEAN
EQ, NEQ
true, false
Whether the repository is public.
All
Organization URL
organization_url
STRING
CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST
(No predefined list)
The URL of the version control system (VCS) organization or group
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Provider
repository_provider
ENUM
EQ, NEQ
ACTIVE_DIRECTORY AKAMAI ALIBABA_CLOUD ATT AWS AWS_CLOUD AWS_CODE_BUILD AWS_CODE_COMMIT AZURE AZURE_CLOUD AZURE_DEVOPS AZURE_PIPELINES AZURE_REPOS BITBUCKET BITBUCKET_DATACENTER CHARTER_COMMUNICATIONS CHECKMARX CIRCLE_CI CLOUDFLARE CORTEX_CLI DATABRICKS DOCKER DOCKER_HUB FASTLY GCP GCP_CLOUD GITHUB GITHUB_ACTIONS GITHUB_ENTERPRISE GITLAB GITLAB_CI GITLAB_CONTAINER_REGISTRY GITLAB_SELF_MANAGED HARBOR HCP_TFC_RUN_TASKS HCP_TFE_RUN_TASKS IBM_CLOUD INCAPSULA JENKINS JFROG_ARTIFACTORY MICROSOFT_OFFICE_365 OCI OCI_CLOUD OKTA ON_PREM ORACLE OTHER PANW RACKSPACE SEMGREP SNOWFLAKE SNYK SONARQUBE SONATYPE VERACODE
The infrastructure or code hosting provider.
All
Repository Id
repository_id
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The unique ID of the repository.
All
Repository labels
repository_labels
ENUM
ARRAY_CONTAINS, ARRAY_NOT_CONTAINS
ARCHIVED, PRIVATE, PUBLIC
Whether the repository labels are public, private, or archieved. - Need to get this description reviewed
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Repository Name
repository_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The name of the code repository.
All
Source Branch
source_branch
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
Name of the source branch in the repository.
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE
Tags
asset_tags
STRING
WILDCARD, NOT_WILDCARD
(No predefined list)
Custom tags assigned to the asset
IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, CICD_RISKS
VCS Collaborator Email
collaborator_email
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The email address of the VCS collaborator.
CICD_RISKS
VCS Collaborator Last Observed
collaborator_inactive_days
STRING
EQ, NEQ, LTE, GTE
(No predefined list)
The number of days since the VCS collaborator was last active.
CICD_RISKS
VCS Collaborator MFA Enabled
collaborator_mfa_enabled
BOOLEAN
EQ, NEQ
TRUE, FALSE
Whether the VCS collaborator has multi-factor authentication (MFA) enabled on their account.
CICD_RISKS
VCS Collaborator Name
collaborator_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
Name of the VCS collaborator.
CICD_RISKS
VCS Organization Name
repository_organization_name
STRING
WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS
(No predefined list)
The name of the VCS organization that owns the repository.
CICD_RISKS
This table defines the available fields for building policy scopes that target specific assets.
| Pretty Name (FIELD_PRETTY_NAME) | Field Name (SEARCH_FIELD) | Data Type (DATA_TYPE) | Allowed (SEARCH_TYPE) Values | Possible search values (SEARCH_VALUE) | Description | Relevant Finding Types |
|---|---|---|---|---|---|---|
| Application Business Criticality | application_business_criticality | ENUM | EQ, NEQ | CRITICAL, HIGH, MEDIUM, LOW | The criticality level of the application. | All |
| Application Business Owner | application_business_owner | STRING | CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST | (No predefined list) | The owner's identifier for the business application. | All |
| Asset Type | asset_type_name | ENUM | EQ, NEQ | BUILD_IMAGE, BUSINESS_APPLICATION, BUSINESS_APPLICATION, CIRCLE_CI_REPOSITORY, ORTEX_CLI_REPOSITORY, GITHUB_ACTIONS_REPOSITORY, GITHUB_ENTERPRISE_REPOSITORY, GITHUB_REPOSITORY, GITLAB_REPOSITORY, GITLAB_SELF_MANAGED_REPOSITORY, GOOGLE_CLOUD_REPOSITORY, HCP_TFC_RUN_TASKS_REPOSITORY, HCP_TFE_RUN_TASKS_REPOSITORY, JENKINS_REPOSITORY, REGISTRY_IMAGE | The type of asset being evaluated, such as a repository, build image, or registry image. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Asset Type | asset_type_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The type of asset being evaluated, specified as a free-text string. | CICD_RISKS |
| Business Application Names | business_application_names | STRING | ARRAY_CONTAINS, ARRAY_NOT_CONTAINS, NIS_EMPTY | (No predefined list) | Filter by the names of the business applications. | All |
| Category | category | ENUM | EQ, NEQ | APPLICATION, CONTAINER_IMAGE, REPOSITORY, CICD_INSTANCE, CICD_PIPELINE, VCS_COLLABORATOR, VCS_ORGANIZATION | The asset type categories to include. | All |
| CI/CD Instance Id | cicd_instance_id | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The unique identifier of the CI/CD instance | CICD_RISKS |
| CI/CD Instance Name | cicd_instance_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The name of the CI/CD instance. | CICD_RISKS |
| CI/CD Pipeline Id | cicd_pipeline_id | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The unique identifier of the CI/CD pipeline | CICD_RISKS |
| CI/CD Pipeline Name | cicd_pipeline_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The name of the CI/CD pipeline | CICD_RISKS |
| Cloud Account | cloud_account | STRING | EQ, NEQ, CONTAINS | (No predefined list) | Filter by the cloud account names | DRIFT |
| Cloud Region | cloud_region | STRING | EQ, NEQ, CONTAINS | (No predefined list) | Filter by the cloud region | DRIFT |
| Has Deployed Assets | has_deployed_assets | BOOLEAN | EQ, NEQ | true, false | Whether the repository has any deployed components. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT |
| Has deployed assets with Access to sensitive data | has_access_sensitive_data | BOOLEAN | EQ, NEQ | true, false | Whether deployed assets have access to sensitive data stores. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT |
| Has deployed assets with privileged capabilities | has_leverage_privileged_capabilities | BOOLEAN | EQ, NEQ | true, false | Whether deployed assets have privileged execution capabilities. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT |
| Has Internet-exposed deployed assets | has_internet_exposed | BOOLEAN | EQ, NEQ | true, false | Whether the deployed components are exposed to the internet. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, DRIFT |
| Image Architecture | image_architecture | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The CPU architecture of the container image | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Image Names | image_names | STRING | CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST | (No predefined list) | Filter by the names of Registry images | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Is Public Repository | is_public_repository | BOOLEAN | EQ, NEQ | true, false | Whether the repository is public. | All |
| Organization URL | organization_url | STRING | CONTAINS_IN_LIST, NOT_CONTAINS_IN_LIST | (No predefined list) | The URL of the version control system (VCS) organization or group | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Provider | repository_provider | ENUM | EQ, NEQ | ACTIVE_DIRECTORY AKAMAI ALIBABA_CLOUD ATT AWS AWS_CLOUD AWS_CODE_BUILD AWS_CODE_COMMIT AZURE AZURE_CLOUD AZURE_DEVOPS AZURE_PIPELINES AZURE_REPOS BITBUCKET BITBUCKET_DATACENTER CHARTER_COMMUNICATIONS CHECKMARX CIRCLE_CI CLOUDFLARE CORTEX_CLI DATABRICKS DOCKER DOCKER_HUB FASTLY GCP GCP_CLOUD GITHUB GITHUB_ACTIONS GITHUB_ENTERPRISE GITLAB GITLAB_CI GITLAB_CONTAINER_REGISTRY GITLAB_SELF_MANAGED HARBOR HCP_TFC_RUN_TASKS HCP_TFE_RUN_TASKS IBM_CLOUD INCAPSULA JENKINS JFROG_ARTIFACTORY MICROSOFT_OFFICE_365 OCI OCI_CLOUD OKTA ON_PREM ORACLE OTHER PANW RACKSPACE SEMGREP SNOWFLAKE SNYK SONARQUBE SONATYPE VERACODE | The infrastructure or code hosting provider. | All |
| Repository Id | repository_id | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The unique ID of the repository. | All |
| Repository labels | repository_labels | ENUM | ARRAY_CONTAINS, ARRAY_NOT_CONTAINS | ARCHIVED, PRIVATE, PUBLIC | Whether the repository labels are public, private, or archieved. - Need to get this description reviewed | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Repository Name | repository_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The name of the code repository. | All |
| Source Branch | source_branch | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | Name of the source branch in the repository. | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE |
| Tags | asset_tags | STRING | WILDCARD, NOT_WILDCARD | (No predefined list) | Custom tags assigned to the asset | IAC_MISCONFIGURATION, SECRETS, VULNERABILITY, LICENSES, OPERATIONAL_RISK, CODE_WEAKNESS, MALWARE, CICD_RISKS |
| VCS Collaborator Email | collaborator_email | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The email address of the VCS collaborator. | CICD_RISKS |
| VCS Collaborator Last Observed | collaborator_inactive_days | STRING | EQ, NEQ, LTE, GTE | (No predefined list) | The number of days since the VCS collaborator was last active. | CICD_RISKS |
| VCS Collaborator MFA Enabled | collaborator_mfa_enabled | BOOLEAN | EQ, NEQ | TRUE, FALSE | Whether the VCS collaborator has multi-factor authentication (MFA) enabled on their account. | CICD_RISKS |
| VCS Collaborator Name | collaborator_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | Name of the VCS collaborator. | CICD_RISKS |
| VCS Organization Name | repository_organization_name | STRING | WILDCARD, WILDCARD_NOT, CONTAINS, NCONTAINS | (No predefined list) | The name of the VCS organization that owns the repository. | CICD_RISKS |
SEARCH_FIELDstringrequiredDefines the field the matching criteria filter should match. To see which fields are allowed for each type, see the Supported Scope Fields table.
Defines the field the matching criteria filter should match. To see which fields are allowed for each type, see the Supported Scope Fields table.
SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredValue that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
Value that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
booleanValue that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
Value that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
numberdoubleValue that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
Value that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
stringValue that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
Value that the condition filter must match. The type of this field will differ depending on the SEARCH_FIELD that you specified.
ANDarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
ORarray
ORarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
ORarray
ORarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
ORarray
ORarray
SEARCH_FIELDstringrequiredField the condition filter matches.
Field the condition filter matches.
"Finding Type"SEARCH_TYPEstring (Enum)requiredCondition operator for this filter.
Condition operator for this filter.
SEARCH_VALUEobjectrequiredThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
booleanThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
fromnumberdoubleThe lower bound of a range query.
The lower bound of a range query.
tonumberdoubleThe upper bound of a range query.
The upper bound of a range query.
keystringThe key for key-value pair matching.
The key for key-value pair matching.
valuestringThe value for key-value pair matching.
The value for key-value pair matching.
numberdoubleThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
stringThe value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
The value compared against. The type of this field will differ depending on the SEARCH_FIELD that was specified.
ANDarray
ORarray
triggersobjectDefines when the AppSec policy should be evaluated. Configure triggers for periodic code scans, Pull Requests (PRs), CI Code scan, CI image scans, and Registry image scans. At least one trigger must have isEnabled set to true.
Defines when the AppSec policy should be evaluated. Configure triggers for periodic code scans, Pull Requests (PRs), CI Code scan, CI image scans, and Registry image scans. At least one trigger must have isEnabled set to true.
cicdobjectConfiguration for the CI Code trigger. If true, the policy is evaluated on CI/CD pipeline events.
Configuration for the CI Code trigger. If true, the policy is evaluated on CI/CD pipeline events.
actionsobjectActions to take when the policy detects its target risk and the policy is triggered.
Actions to take when the policy detects its target risk and the policy is triggered.
blockCicdbooleanrequiredIndicates if triggering the policy should block the CI/CD pipeline.
Indicates if triggering the policy should block the CI/CD pipeline.
reportCicdbooleanrequiredIndicates if triggering the policy should soft fail the CI/CD pipeline in the platform.
Indicates if triggering the policy should soft fail the CI/CD pipeline in the platform.
reportIssuebooleanrequiredIndicates if triggering the policy should create an issue.
Indicates if triggering the policy should create an issue.
isEnabledbooleanrequiredIndicates whether the CI Code Scan trigger is enabled.
Indicates whether the CI Code Scan trigger is enabled.
trueoverrideIssueSeverityobject (Enum)Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
ciImageobjectConfiguration for the CI image trigger. If true, the policy is evaluated during CI image scans.
Configuration for the CI image trigger. If true, the policy is evaluated during CI image scans.
actionsobjectActions to take when the policy detects its target risk and the policy is triggered.
Actions to take when the policy detects its target risk and the policy is triggered.
blockCicdbooleanrequiredIndicates if triggering the policy should block the CI image.
Indicates if triggering the policy should block the CI image.
reportCicdbooleanrequiredIndicates if triggering the policy should soft fail the CI image in the platform.
Indicates if triggering the policy should soft fail the CI image in the platform.
reportIssuebooleanrequiredIndicates if triggering the policy should create an issue.
Indicates if triggering the policy should create an issue.
isEnabledbooleanrequiredIndicates whether the CI Image Scan trigger is enabled.
Indicates whether the CI Image Scan trigger is enabled.
trueoverrideIssueSeverityobject (Enum)requiredSet the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
imageRegistryobjectConfiguration for the image registry trigger. If true, the policy is evaluated during registry image scans.
Configuration for the image registry trigger. If true, the policy is evaluated during registry image scans.
actionsobjectActions to take when the policy detects its target risk and the policy is triggered.
Actions to take when the policy detects its target risk and the policy is triggered.
reportIssuebooleanrequiredIndicates if triggering the policy should create an issue.
Indicates if triggering the policy should create an issue.
isEnabledbooleanrequiredIndicates whether the Registry Image Scan trigger is enabled.
Indicates whether the Registry Image Scan trigger is enabled.
overrideIssueSeverityobject (Enum)requiredSet the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
periodicobjectConfiguration for the periodic code scan (scheduled) trigger. If true, the policy is evaluated.
Configuration for the periodic code scan (scheduled) trigger. If true, the policy is evaluated.
actionsobjectActions to take when the policy detects its target risk and the policy is triggered.
Actions to take when the policy detects its target risk and the policy is triggered.
reportIssuebooleanrequiredIndicates if triggering the policy should create an issue.
Indicates if triggering the policy should create an issue.
isEnabledbooleanrequiredIndicates whether the Periodic Scan trigger is enabled.
Indicates whether the Periodic Scan trigger is enabled.
trueoverrideIssueSeverityobject (Enum)Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
probjectConfiguration for the pull request (PR) trigger. If true, the policy is evaluated on Pull Request (PR) events
Configuration for the pull request (PR) trigger. If true, the policy is evaluated on Pull Request (PR) events
actionsobjectActions to take when the policy detects its target risk and the policy is triggered.
Actions to take when the policy detects its target risk and the policy is triggered.
blockPrbooleanrequiredIndicates if triggering the policy should block the pull request.
Indicates if triggering the policy should block the pull request.
reportIssuebooleanrequiredIndicates if triggering the policy should create an issue.
Indicates if triggering the policy should create an issue.
reportPrCommentbooleanrequiredIndicates if triggering the policy should create comments on the pull request.
Indicates if triggering the policy should create comments on the pull request.
isEnabledbooleanrequiredIndicates whether the PR Scan trigger is enabled.
Indicates whether the PR Scan trigger is enabled.
trueoverrideIssueSeverityobject (Enum)Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
Optional. Set the severity of the issue (and override the system severity). If not used or set to null, system severity is kept.
relatedDetectionRulesarray[string]List of related detection rules.
List of related detection rules.
enabledbooleanWhether the policy is enabled.
Whether the policy is enabled.
suggestionIdstringUnique identifier for the suggested policy.
Unique identifier for the suggested policy.
assetGroupIdsarray[number]List of asset groups to which the policy applies. If the array is empty, the policy applies to all asset groups.
List of asset groups to which the policy applies. If the array is empty, the policy applies to all asset groups.
userSbacarray[number]Asset group IDs representing the user's scoped-based access control (SBAC) permissions at the time the policy is modified. Controls which asset groups the policy applies to based on the modifier's access. When empty, the policy applies to all asset groups.
Asset group IDs representing the user's scoped-based access control (SBAC) permissions at the time the policy is modified. Controls which asset groups the policy applies to based on the modifier's access. When empty, the policy applies to all asset groups.
{
"name": "Updated policy name",
"description": "Updated policy description",
"conditions": {
"AND": [
{
"SEARCH_FIELD": "Finding Type",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "VULNERABILITY"
},
{
"OR": [
{
"SEARCH_FIELD": "Severity",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "CRITICAL"
},
{
"SEARCH_FIELD": "Severity",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": "HIGH"
}
]
}
]
},
"scope": {
"AND": [
{
"SEARCH_FIELD": "has_deployed_assets",
"SEARCH_TYPE": "EQ",
"SEARCH_VALUE": true
}
]
},
"triggers": {
"periodic": {
"isEnabled": true,
"actions": {
"reportIssue": true
},
"overrideIssueSeverity": "High"
},
"pr": {
"isEnabled": true,
"actions": {
"reportIssue": true,
"blockPr": true,
"reportPrComment": true
},
"overrideIssueSeverity": null
},
"cicd": {
"isEnabled": true,
"actions": {
"reportIssue": true,
"blockCicd": false,
"reportCicd": true
},
"overrideIssueSeverity": null
},
"ciImage": {
"isEnabled": false,
"actions": {
"reportIssue": false,
"blockCicd": false,
"reportCicd": false
},
"overrideIssueSeverity": null
},
"imageRegistry": {
"isEnabled": false,
"actions": {
"reportIssue": false
},
"overrideIssueSeverity": null
}
}
}No content
Unprocessable Entity
errorCodestringThe HTTP error category. Indicates the general type of error that occurred.
The HTTP error category. Indicates the general type of error that occurred.
messagestringA human-readable message with specific details about why the request failed. Use this message for debugging and troubleshooting.
A human-readable message with specific details about why the request failed. Use this message for debugging and troubleshooting.
{
"errorCode": "_BadParamsError",
"message": "The following triggers are not compatible with the policy conditions: [CI Image, Image Registry]. Allowed triggers based on conditions: [PR, CI/CD, Periodic]."
}{
"errorCode": "_BadParamsError",
"message": "Conditions cannot be empty."
}