# Security Policy

Think of the security policy as a set of configuration settings stored in a file. Each organization can have one or more groups, and each group has one configuration (its security policy) defined.

An example of a security policy is:

<pre class="language-json" data-title=".aquilax-policy.json" data-overflow="wrap" data-line-numbers><code class="lang-json">{
    "<a data-footnote-ref href="#user-content-fn-1">avatar</a>": "https://avatars.githubusercontent.com/u/155273638?s=200&#x26;v=4",
    "<a data-footnote-ref href="#user-content-fn-1">description</a>": "<a data-footnote-ref href="#user-content-fn-2">Example Policy for testing purposes</a>",
    "author": "AquilaX Core engineering Team",
    "testing": false,
    "<a data-footnote-ref href="#user-content-fn-3">notify_on_failure</a>": true,
    "jira_project_key": "SCRUM",
    "raise_tickets": true,
    "ticket_body": "Was found this {{vuln}} on this file {{file}}",
    "ticket_integration": "GitHub, GitLab, Jira",
    "ticket_title": "AquilaX - {{vuln}}",
    "<a data-footnote-ref href="#user-content-fn-4">tags</a>": [
        "all-scanners",
        "special-project"
    ],
    "<a data-footnote-ref href="#user-content-fn-5">frequency</a>": "<a data-footnote-ref href="#user-content-fn-6">weekly</a>",
    "<a data-footnote-ref href="#user-content-fn-7">ignore</a>":[
        "test/*",
        "node_modules/*",
        "tests/*"
    ],
    "scanners": [
        {
            "enforced": true,
            "compliance": true
        },
        {
            "<a data-footnote-ref href="#user-content-fn-8">enforced</a>": true,
            "secret": true
        },
        {
            "enforced": true,
            "pii": true
        },
        {
            "enforced": false,
            "sast": true
        },
        {
            "enforced": false,
            "sca": true,
            "licenses": {
                "mixed_licenses": true,
                "prohibited": [
                    "GPL*",
                    "BSD"
                ]
            }
        },
        {
            "enforced": false,
            "container": true
        },
        {
            "enforced": true,
            "iac": true
        },
        {
            "enforced": true,
            "api": true
        },
        {
            "enforced": true,
            "malware": true
        }
    ],
    "<a data-footnote-ref href="#user-content-fn-9">repos</a>": [
        "https://github.com/aquilax-ai"
    ]
}
</code></pre>

More information on how to use ticketing: <https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets>
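The policy file above is plain JSON, so a few lines of Python are enough to sanity-check it before it is committed and to see what the `enforced` flag (footnote 8) means for a downstream group that tries to switch a scanner off. The example below is added here and is not AquilaX's own code; the sample policy is a constructed, trimmed copy of the file shown above, and the merge rule for `enforced` (org value wins, override is rejected) is an assumption drawn from the footnote, not a documented API.

```python
import json

# Frequencies the page lists, plus the documented default of a single scan.
VALID_FREQUENCIES = {"daily", "weekly", "monthly", "once"}

# Constructed sample: a trimmed copy of the .aquilax-policy.json shown above.
ORG_POLICY = json.loads("""{
  "frequency": "weekly",
  "ignore": ["test/*", "node_modules/*", "tests/*"],
  "scanners": [
    {"enforced": true, "secret": true},
    {"enforced": false, "sast": true},
    {"enforced": true, "malware": true}
  ]
}""")

def scanner_name(entry):
    """Return the single scanner key of a 'scanners' entry ('enforced' and 'licenses' are modifiers)."""
    names = [k for k in entry if k not in ("enforced", "licenses")]
    if len(names) != 1:
        raise ValueError(f"scanner entry must name exactly one scanner: {entry}")
    return names[0]

def validate_policy(policy):
    """Return a list of problems found; an empty list means the policy is well-formed."""
    errors = []
    freq = policy.get("frequency", "once")
    if freq not in VALID_FREQUENCIES:
        errors.append(f"invalid frequency {freq!r}")
    for entry in policy.get("scanners", []):
        try:
            name = scanner_name(entry)
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if not isinstance(entry[name], bool) or not isinstance(entry.get("enforced", False), bool):
            errors.append(f"{name}: 'enforced' and the scanner flag must be booleans")
    return errors

def effective_scanners(org_policy, group_overrides):
    """Merge a group's overrides into the org policy (assumed rule: enforced entries keep the org value)."""
    effective, rejected = {}, []
    for entry in org_policy.get("scanners", []):
        name = scanner_name(entry)
        wanted = group_overrides.get(name, entry[name])
        if entry.get("enforced", False) and wanted != entry[name]:
            rejected.append(name)       # downstream tried to change an enforced scanner
            wanted = entry[name]
        effective[name] = wanted
    return effective, rejected
```

Run `validate_policy` against the real policy file in CI so a trailing comma or a misspelled frequency is caught before the scan is configured; `effective_scanners` shows which group overrides would be silently discarded.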

[^1]: Used for reporting (optional)

[^2]: Optional

[^3]: Notify if something goes wrong

[^4]: A simple tag system for reporting and categorization.

[^5]: How often the repos in this group are scanned (default: once).

[^6]: Allowed values: "daily", "weekly", "monthly".

[^7]: A list of file and folder patterns to be ignored by the scanners.

[^8]: If present and true, downstream groups or projects have to accept this setting and cannot override the decision.

[^9]: A list of groups or repos to be scanned
