Update Policy

put

https://jf.example.com/xray/api/v2/policies/{name}

Updates an existing policy (v2 API). The policy name in the URL path is authoritative — it overrides any name field in the request body. The full policy definition must be provided (full replacement, not partial update).

Requires the "Manage Policies" role to be set on the User or Group level.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Path Params

name

string

required

The name of the policy to update. This value takes precedence over any name in the request body.

Query Params

projectKey

string

When provided, the update is scoped to the specified project.

Body Params

Request body for creating or updating a policy. A policy defines rules that determine how Xray identifies and acts on issues found during scanning. Each policy has a type (security, license, or operational_risk) and contains one or more rules. Each rule has criteria (what to match) and actions (what to do when matched).

name

string

required

Name of the policy. Must be unique across the system (or within a project when using projectKey).

description

string

Optional free-text description of the policy.

type

string

enum

required

The policy type. Determines which criteria fields are available in the rules.

Allowed:

rules

array of objects

required

One or more rules that define the policy behavior. Each rule specifies criteria to match and actions to take when matched.

rules*

Responses

Language

Credentials

Basic

base64

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Policy updated successfully.

400Policy name is empty or the policy is not valid.

403Permission denied or unsupported policy type for current license.

404Policy not found.

500Internal server error while updating the policy.