Vulnerability management policy schema

The YAML file with vulnerability management policies consists of an array of objects matching the vulnerability management policy schema, nested under the vulnerability_management_policy key. You can configure a maximum of 5 policies under the vulnerability_management_policy key. Any policies configured after the first 5 are not applied.

When you save a vulnerability management policy, its content is validated against the vulnerability management policy schema. If you’re not familiar with how to read JSON schemas, the following sections and tables provide an alternative.

| Field | Type | Required | Description |
|---|---|---|---|
| vulnerability_management_policy | array of vulnerability management policy | true | List of vulnerability management policies (maximum 5) |

Vulnerability management policy

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | true | Name of the policy. Maximum of 255 characters. |
| description | string | false | Description of the policy. |
| enabled | boolean | true | Flag to enable (true) or disable (false) the policy. |
| rules | array of rules | true | List of rules that define the policy’s criteria. |
| policy_scope | object of policy_scope | false | Scope of the policy, based on the projects, groups, or compliance framework labels you specify. |
| actions | array of actions | true | Action to be taken on vulnerabilities matching the policy. |

no_longer_detected rule

This rule defines the criteria for the policy.

| Field | Type | Required | Possible values | Description |
|---|---|---|---|---|
| type | string | true | no_longer_detected | The rule’s type. |
| scanners | array | true | sast, secret_detection, dependency_scanning, container_scanning, dast, coverage_fuzzing, api_fuzzing | Specifies the scanners for which this policy is enforced. |
| severity_levels | array | true | critical, high, medium, low, info, unknown | Specifies the severity levels for which this policy is enforced. |

auto_resolve action

This action resolves vulnerabilities matching the policy’s rules and scope.

| Field | Type | Required | Possible values | Description |
|---|---|---|---|---|
| type | string | true | auto_resolve | The action’s type. |
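The tables above together describe one complete policy file: the top-level key with at most 5 policies, the policy object, a no_longer_detected rule, and an auto_resolve action. The following added example is not GitLab's own validation code; it is a hypothetical pre-commit check that applies only the constraints stated on this page (required fields, the 255-character name limit, the 5-policy limit, and the allowed values for the rule and action fields) to a constructed sample policy. The sample is written as the Python structure that yaml.safe_load would produce for the equivalent YAML file, so the example runs without any YAML library.

```python
"""Hypothetical validator for the vulnerability management policy constraints
documented on this page. It is not GitLab's own schema validation; it checks
only what the tables state and reports everything it finds."""

MAX_POLICIES = 5
MAX_NAME_LEN = 255
ALLOWED_RULE_TYPES = {"no_longer_detected"}
ALLOWED_SCANNERS = {"sast", "secret_detection", "dependency_scanning",
                    "container_scanning", "dast", "coverage_fuzzing", "api_fuzzing"}
ALLOWED_SEVERITIES = {"critical", "high", "medium", "low", "info", "unknown"}
ALLOWED_ACTION_TYPES = {"auto_resolve"}

# Constructed sample: the structure yaml.safe_load() returns for a policy file
# with a single policy. policy_scope is optional and omitted here.
SAMPLE_POLICY_FILE = {
    "vulnerability_management_policy": [
        {
            "name": "Auto-resolve findings no longer detected by SAST or dependency scanning",
            "description": "Resolve low and info findings that the latest scan no longer reports.",
            "enabled": True,
            "rules": [
                {
                    "type": "no_longer_detected",
                    "scanners": ["sast", "dependency_scanning"],
                    "severity_levels": ["low", "info"],
                }
            ],
            "actions": [{"type": "auto_resolve"}],
        }
    ]
}


def _check_enum(values, allowed, where, errors):
    """Append an error for a non-array value or any value outside `allowed`."""
    if not isinstance(values, list):
        errors.append(f"{where}: must be an array")
        return
    for value in values:
        if value not in allowed:
            errors.append(f"{where}: unknown value {value!r}")


def validate_policy(policy, idx):
    """Check one policy object against the documented field constraints."""
    errors = []
    where = f"vulnerability_management_policy[{idx}]"
    for field in ("name", "enabled", "rules", "actions"):
        if field not in policy:
            errors.append(f"{where}: missing required field {field!r}")
    name = policy.get("name")
    if name is not None and (not isinstance(name, str) or len(name) > MAX_NAME_LEN):
        errors.append(f"{where}.name: must be a string of at most {MAX_NAME_LEN} characters")
    if "enabled" in policy and not isinstance(policy["enabled"], bool):
        errors.append(f"{where}.enabled: must be a boolean")
    for list_field in ("rules", "actions"):
        if list_field in policy and not isinstance(policy[list_field], list):
            errors.append(f"{where}.{list_field}: must be an array")
    rules = policy.get("rules") if isinstance(policy.get("rules"), list) else []
    for i, rule in enumerate(rules):
        rule_where = f"{where}.rules[{i}]"
        if rule.get("type") not in ALLOWED_RULE_TYPES:
            errors.append(f"{rule_where}.type: must be one of {sorted(ALLOWED_RULE_TYPES)}")
        for field, allowed in (("scanners", ALLOWED_SCANNERS),
                               ("severity_levels", ALLOWED_SEVERITIES)):
            if field not in rule:
                errors.append(f"{rule_where}: missing required field {field!r}")
            else:
                _check_enum(rule[field], allowed, f"{rule_where}.{field}", errors)
    actions = policy.get("actions") if isinstance(policy.get("actions"), list) else []
    for i, action in enumerate(actions):
        if action.get("type") not in ALLOWED_ACTION_TYPES:
            errors.append(f"{where}.actions[{i}].type: must be one of {sorted(ALLOWED_ACTION_TYPES)}")
    return errors


def validate_policy_file(doc):
    """Return a list of problems; an empty list means the file passes these checks."""
    policies = doc.get("vulnerability_management_policy")
    if not isinstance(policies, list):
        return ["vulnerability_management_policy: required and must be an array"]
    errors = []
    if len(policies) > MAX_POLICIES:
        # Not a schema error on the page, but worth flagging: extras are silently ignored.
        errors.append(f"{len(policies)} policies configured; only the first {MAX_POLICIES} are applied")
    for idx, policy in enumerate(policies):
        errors.extend(validate_policy(policy, idx))
    return errors


if __name__ == "__main__":
    for line in validate_policy_file(SAMPLE_POLICY_FILE) or ["OK: no problems found"]:
        print(line)
```

The check for more than 5 policies is reported as a finding rather than dropped silently, because the page states that extra policies are simply not applied, which is easy to miss when a sixth policy was added deliberately.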