Create Policy

post

https://jf.example.com/xray/api/v1/policies

Creates a new security, license, or operational risk policy. A policy contains rules that define criteria for matching issues and actions to take when issues are found (e.g., block downloads, fail builds, send notifications). Once created, assign the policy to one or more watches using the Assign Policy to Watches endpoint.

Requires the "Manage Policies" role to be set on the User or Group level. For Xray version 3.21.2 and above with Projects, a Project Admin with Manage Security Assets privilege can create policies in the scope of a project by using the additional query parameter projectKey.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Query Params

projectKey

string

When provided, the policy is created in the scope of the specified project. Requires Xray 3.21.2+ with Projects enabled.

Body Params

Request body for creating or updating a policy. A policy defines rules that determine how Xray identifies and acts on issues found during scanning. Each policy has a type (security, license, or operational_risk) and contains one or more rules. Each rule has criteria (what to match) and actions (what to do when matched).

name

string

required

Name of the policy. Must be unique across the system (or within a project when using projectKey).

description

string

Optional free-text description of the policy.

type

string

enum

required

The policy type. Determines which criteria fields are available in the rules.

Allowed:

rules

array of objects

required

One or more rules that define the policy behavior. Each rule specifies criteria to match and actions to take when matched.

rules*

Responses

201Policy created successfully.

400Policy is not valid. Check mandatory fields (name, type, rules).

403Permission denied. User lacks the Manage Policies role.

409A policy with the given name already exists.

415Failed to parse the request body.

500Internal server error while creating the policy.