Security Policy

A security policy is a JSON configuration attached to a group; it instructs the AquilaX scanner and engine how to behave for the repositories in that group.

You can think of it as a set of settings collected in one file. Each organization can have one or more groups, and each group has exactly one configuration (security policy) defined.

An example of a security policy is:

.aquilax-policy.json
{
    "": "https://avatars.githubusercontent.com/u/155273638?s=200&v=4",
    "": "",
    "author": "AquilaX Core engineering Team",
    "testing": false,
    "": true,
    "jira_project_key": "SCRUM",
    "raise_tickets": true,
    "ticket_body": "Was found this {{vuln}} on this file {{file}}",
    "ticket_integration": "GitHub, GitLab, Jira",
    "ticket_title": "AquilaX - {{vuln}}",
    "": [
        "all-scanners",
        "special-project"
    ],
    "": "",
    "":[
        "test/*",
        "node_modules/*",
        "tests/*"
    ],
    "scanners": [
        {
            "enforced": true,
            "compliance": true
        },
        {
            "": true,
            "secret": true
        },
        {
            "enforced": true,
            "pii": true
        },
        {
            "enforced": false,
            "sast": true
        },
        {
            "enforced": false,
            "sca": true,
            "licenses": {
                "mixed_licenses": true,
                "prohibited": [
                    "GPL*",
                    "BSD"
                ]
            }
        },
        {
            "enforced": false,
            "container": true
        },
        {
            "enforced": true,
            "iac": true
        },
        {
            "enforced": true,
            "api": true
        },
        {
            "enforced": true,
            "malware": true
        }
    ],
    "": [
        "https://github.com/aquilax-ai"
    ]
}

More information on how to use ticketing: https://docs.aquilax.ai/user-manual/devtools/vulnerability-tickets
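The policy above is consumed by the AquilaX engine, but a team that commits `.aquilax-policy.json` to a repository usually wants to lint it before a scan runs. The following is an added example, not code from AquilaX or its documentation: a small loader that parses a policy with the shape shown above, rejects scanner entries without a boolean `enforced` flag, lists the enforced and enabled scanners, matches a license identifier against the `prohibited` patterns of the `sca` scanner, and fills the `{{vuln}}` and `{{file}}` placeholders of the ticket templates. The sample policy is constructed and keeps only the keys the page names; the entries whose key names are not shown (the path exclusions, the integration URL and so on) are left out. Treating the `prohibited` entries as shell-style globs, and the set of recognised scanner names, are assumptions made here for illustration, not documented AquilaX behaviour.

```python
import fnmatch
import json
import re

# Constructed sample: a trimmed copy of the policy shape shown above.
# Only keys named on the page are used; the unnamed keys are omitted.
SAMPLE_POLICY = json.dumps({
    "author": "AquilaX Core engineering Team",
    "testing": False,
    "jira_project_key": "SCRUM",
    "raise_tickets": True,
    "ticket_body": "Was found this {{vuln}} on this file {{file}}",
    "ticket_title": "AquilaX - {{vuln}}",
    "scanners": [
        {"enforced": True, "compliance": True},
        {"enforced": True, "secret": True},
        {"enforced": False, "sast": True},
        {"enforced": False, "sca": True,
         "licenses": {"mixed_licenses": True, "prohibited": ["GPL*", "BSD"]}},
    ],
})

# Assumption: the scanner names that appear in the page's example policy.
KNOWN_SCANNERS = {"compliance", "secret", "pii", "sast", "sca",
                  "container", "iac", "api", "malware"}

TEMPLATE_VAR = re.compile(r"\{\{(\w+)\}\}")


def scanner_name(entry):
    """Return the single scanner name an entry refers to."""
    return next(k for k in entry if k in KNOWN_SCANNERS)


def load_policy(text):
    """Parse the policy JSON and reject entries that do not follow the page's shape."""
    policy = json.loads(text)
    if not isinstance(policy.get("scanners"), list):
        raise ValueError("policy must contain a 'scanners' list")
    for entry in policy["scanners"]:
        names = [k for k in entry if k in KNOWN_SCANNERS]
        if len(names) != 1:
            raise ValueError(f"each scanner entry must name exactly one scanner: {entry}")
        if not isinstance(entry.get("enforced"), bool):
            raise ValueError(f"scanner {names[0]} needs a boolean 'enforced' flag")
    return policy


def enforced_scanners(policy):
    """Scanners the group cannot opt out of."""
    return sorted(scanner_name(e) for e in policy["scanners"] if e["enforced"])


def enabled_scanners(policy):
    """Scanners switched on (their own flag is true), enforced or not."""
    return sorted(scanner_name(e) for e in policy["scanners"]
                  if e.get(scanner_name(e)) is True)


def prohibited_license(policy, license_id):
    """Return the prohibited pattern that matches license_id, or None.

    Assumption: patterns such as "GPL*" are shell-style globs, so a bare
    "BSD" matches only the exact identifier "BSD" and not "BSD-3-Clause".
    """
    for entry in policy["scanners"]:
        if scanner_name(entry) != "sca":
            continue
        for pattern in entry.get("licenses", {}).get("prohibited", []):
            if fnmatch.fnmatchcase(license_id, pattern):
                return pattern
    return None


def render_ticket(policy, finding):
    """Fill the ticket templates from a finding; None when ticketing is off.

    A placeholder the finding does not provide raises instead of being
    silently left in the ticket text.
    """
    if not policy.get("raise_tickets"):
        return None

    def substitute(match):
        key = match.group(1)
        if key not in finding:
            raise KeyError("ticket template uses unknown placeholder {{" + key + "}}")
        return str(finding[key])

    return {
        "title": TEMPLATE_VAR.sub(substitute, policy["ticket_title"]),
        "body": TEMPLATE_VAR.sub(substitute, policy["ticket_body"]),
        "project": policy.get("jira_project_key"),
    }


if __name__ == "__main__":
    pol = load_policy(SAMPLE_POLICY)
    print("enforced:", enforced_scanners(pol))
    print("GPL-3.0-only banned by:", prohibited_license(pol, "GPL-3.0-only"))
    print(render_ticket(pol, {"vuln": "Hardcoded secret", "file": "src/config.py"}))
```

The glob check is worth running against your real dependency list before relying on it: as written, `"BSD"` bans only the literal identifier `BSD`, so a policy that intends to cover `BSD-3-Clause` needs `"BSD*"`, whichever matching rule the engine itself applies.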
