Vulnerability management policy schema
The YAML file with vulnerability management policies consists of an array of objects matching
vulnerability management policy schema nested under the vulnerability_management_policy key. You
can configure a maximum of 5 policies under the vulnerability_management_policy key. Any other
policies configured after the first 5 are not applied.
When you save a vulnerability management policy, its content is validated against the vulnerability management policy schema. If you’re not familiar with how to read JSON schemas, the following sections and tables provide an alternative.
| Field | Type | Required | Description |
|---|---|---|---|
vulnerability_management_policy | array of vulnerability management policy | true | List of vulnerability management policies (maximum 5) |
Vulnerability management policy
| Field | Type | Required | Description |
|---|---|---|---|
name | string | true | Name of the policy. Maximum of 255 characters. |
description | string | false | Description of the policy. |
enabled | boolean | true | Flag to enable (true) or disable (false) the policy. |
rules | array of rules | true | List of rules that define the policy’s criteria. |
policy_scope | object of policy_scope | false | Scope of the policy, based on the projects, groups, or compliance framework labels you specify. |
actions | array of actions | true | Action to be taken on vulnerabilities matching the policy. |
no_longer_detected rule
This rule defines the criteria for the policy.
| Field | Type | Required | Possible values | Description |
|---|---|---|---|---|
type | string | true | no_longer_detected | The rule’s type. |
scanners | array | true | sast, secret_detection, dependency_scanning, container_scanning, dast, coverage_fuzzing, api_fuzzing | Specifies the scanners for which this policy is enforced. |
severity_levels | array | true | critical, high, medium, low, info, unknown | Specifies the severity levels for which this policy is enforced. |
auto_resolve action
This action resolves vulnerabilities matching the policy’s rules and scope.
| Field | Type | Required | Possible values | Description |
|---|---|---|---|---|
type | string | true | auto_resolve | The action’s type. |
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support