Security Policy

A security policy is a configuration in JSON format that can be attached to an organization, group or project to instruct how the AquilaX scanner and engine should behave.

An example of a security policy is:

.aquilax-policy.json
{
    "name": "Example Policy",
    "id": "",
    "description": "Example Policy for testing purposes",
    "author": "AquilaX Core engineering Team",
    "tags": [
        "all-scanners",
        "example",
        "special-project"
    ],
    "scanners": [
        {
            "enforced": true,
            "secret": true
        },
        {
            "enforced": true,
            "pii": true
        },
        {
            "enforced": false,
            "sast": true
        },
        {
            "enforced": false,
            "sca": true
        },
        {
            "enforced": false,
            "container": true
        },
        {
            "enforced": true,
            "iac": true
        },
        {
            "enforced": true,
            "api": true
        },
        {
            "enforced": true,
            "malware": true
        }
    ]
}

Only one security policy applies at each level: per organization, per group, per project, or per scan. For organizations, groups and projects the policy is defined within the AquilaX platform; for a scan the policy is retrieved from the git source of the code base, from a file named .aquilax-policy.json.
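Because the scan-level policy is read from the repository itself, a reviewer may want to validate a committed .aquilax-policy.json and list the scanners it leaves switched off or unenforced before trusting it. The following is an added example, not AquilaX's own code: it assumes the structure shown in the example above (a "scanners" list of objects, each holding a boolean "enforced" flag and exactly one scanner switch), takes the scanner names from that example as the known set, and uses a constructed sample policy.

```python
import json

# Scanner names taken from the example policy above; treated here as the known set (assumption).
KNOWN_SCANNERS = {"secret", "pii", "sast", "sca", "container", "iac", "api", "malware"}

# Constructed sample of a repository-level .aquilax-policy.json (not a real project's file).
SAMPLE_POLICY = """{
  "name": "Repo policy", "id": "", "description": "constructed sample",
  "author": "example", "tags": ["example"],
  "scanners": [
    {"enforced": true,  "secret": true},
    {"enforced": false, "sast": true},
    {"enforced": true,  "sca": false},
    {"enforced": true,  "iac": true}
  ]
}"""

def parse_policy(text):
    """Validate a policy document; return {scanner: {"enabled": bool, "enforced": bool}}."""
    policy = json.loads(text)
    for key in ("name", "scanners"):
        if key not in policy:
            raise ValueError(f"missing required key {key!r}")
    if not isinstance(policy["scanners"], list):
        raise ValueError("'scanners' must be a list of objects")
    result = {}
    for i, entry in enumerate(policy["scanners"]):
        if not isinstance(entry, dict) or not isinstance(entry.get("enforced"), bool):
            raise ValueError(f"scanners[{i}]: object with boolean 'enforced' required")
        names = [k for k in entry if k != "enforced"]
        if len(names) != 1 or names[0] not in KNOWN_SCANNERS:
            raise ValueError(f"scanners[{i}]: expected exactly one known scanner, got {names}")
        name = names[0]
        if not isinstance(entry[name], bool) or name in result:
            raise ValueError(f"scanners[{i}]: {name!r} must be a boolean and appear once")
        result[name] = {"enabled": entry[name], "enforced": entry["enforced"]}
    return result

def validation_error(text):
    # Returns the validation message, or None when the document is well-formed.
    try:
        parse_policy(text)          # json.JSONDecodeError is a ValueError subclass
    except ValueError as exc:
        return str(exc)
    return None

def weakened_scanners(parsed):
    """Scanners a reviewer should look at: omitted, disabled, or enabled but not enforced."""
    return sorted(n for n in KNOWN_SCANNERS
                  if n not in parsed or not parsed[n]["enabled"] or not parsed[n]["enforced"])
```

Running `weakened_scanners(parse_policy(SAMPLE_POLICY))` on the constructed sample reports the four scanners the file omits plus `sast` (not enforced) and `sca` (disabled).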
