| FEATURE | DESCRIPTION | LICENSE/ADD-ON |
|---|---|---|
| Application Security Policy API | The Application Security Policy API (GET and POST /public_api/appsec/v1/policies) now includes expanded support for scanning across the pre-runtime (code, build, and deploy) lifecycles. This API enhancement enables you to define a single policy that covers multiple stages. The triggers field adds ciImage for CI pipeline image scans and imageRegistry for registry image scans. A new blockCiImage action enables you to block CI pipelines when image findings match policy conditions. The findingTypes field now uses a unified set of values: CICD_RISKS, VULNERABILITY, SECRETS, IAC_MISCONFIGURATION, CODE_WEAKNESS, LICENSES, OPERATIONAL_RISK, MALWARE, and DRIFT. An optional userSbac field has been added to the POST method for scoped access control during policy creation. | Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license |
| Billing Contributors API | A new public API endpoint is introduced to retrieve a list of unique active contributors factored into your billing. This allows you to gain full transparency into your billable seats. | Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license |