AquilaX Docs
Security Policy

A security policy is a JSON configuration attached to a group that instructs the AquilaX scanner and engine how to behave.

You can think of it as a set of configuration options stored in a file. Each organization can have one or more groups, and each group has one security policy defined.

An example of a security policy is:

.aquilax-policy.json
{
    "": "https://avatars.githubusercontent.com/u/155273638?s=200&v=4",
    "": "",
    "author": "AquilaX Core engineering Team",
    "testing": false,
    "": true,
    "jira_project_key": "SCRUM",
    "raise_tickets": true,
    "ticket_body": "Was found this {{vuln}} on this file {{file}}",
    "ticket_integration": "GitHub, GitLab, Jira",
    "ticket_title": "AquilaX - {{vuln}}",
    "": [
        "all-scanners",
        "special-project"
    ],
    "": "",
    "":[
        "test/*",
        "node_modules/*",
        "tests/*"
    ],
    "scanners": [
        {
            "enforced": true,
            "compliance": true
        },
        {
            "": true,
            "secret": true
        },
        {
            "enforced": true,
            "pii": true
        },
        {
            "enforced": false,
            "sast": true
        },
        {
            "enforced": false,
            "sca": true,
            "licenses": {
                "mixed_licenses": true,
                "prohibited": [
                    "GPL*",
                    "BSD"
                ]
            }
        },
        {
            "enforced": false,
            "container": true
        },
        {
            "enforced": true,
            "iac": true
        },
        {
            "enforced": true,
            "api": true
        },
        {
            "enforced": true,
            "malware": true
        }
    ],
    "": [
        "https://github.com/aquilax-ai"
    ]
}
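A pre-flight check for a policy file before it is attached to a group, as an added example that is not AquilaX code. It rejects invalid JSON and empty or duplicate keys (which most parsers silently collapse to the last value) and lists which scanners are enabled but not enforced. The function names, the sample policy, and the glob-style reading of patterns such as `GPL*` are assumptions; the page does not describe how AquilaX evaluates these fields.

```python
import json
from fnmatch import fnmatchcase

def _no_dupes(pairs):
    """object_pairs_hook: reject empty or duplicate keys instead of keeping the last."""
    seen = {}
    for key, value in pairs:
        if key == "" or key in seen:
            raise ValueError(f"empty or duplicate key: {key!r}")
        seen[key] = value
    return seen

def audit_policy(text):
    """Return (enforced, not_enforced, prohibited_globs) for a policy document."""
    # json.loads also raises ValueError on trailing commas and other syntax errors.
    policy = json.loads(text, object_pairs_hook=_no_dupes)
    enforced, not_enforced, prohibited = [], [], []
    for entry in policy["scanners"]:
        if not isinstance(entry.get("enforced"), bool):
            raise ValueError(f"scanner entry without boolean 'enforced': {entry}")
        # Every other key set to true is taken as the scanner's name (assumption).
        names = [k for k, v in entry.items()
                 if k not in ("enforced", "licenses") and v is True]
        (enforced if entry["enforced"] else not_enforced).extend(names)
        prohibited += entry.get("licenses", {}).get("prohibited", [])
    return enforced, not_enforced, prohibited

def license_prohibited(name, globs):
    # Assumption: patterns are shell-style globs, matched case-sensitively.
    return any(fnmatchcase(name, g) for g in globs)

# Constructed sample that uses only field names shown in the example above.
SAMPLE = """
{
  "author": "example",
  "scanners": [
    {"enforced": true,  "pii": true},
    {"enforced": false, "sast": true},
    {"enforced": false, "sca": true,
     "licenses": {"mixed_licenses": true, "prohibited": ["GPL*", "BSD"]}}
  ]
}
"""

if __name__ == "__main__":
    enforced, not_enforced, prohibited = audit_policy(SAMPLE)
    print("enforced:", enforced)
    print("enabled but not enforced:", not_enforced)
    print("GPL-3.0 prohibited:", license_prohibited("GPL-3.0", prohibited))
```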

Last updated 5 months ago

More information on how to use ticketing:

https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets