Update CI Serverless Vulnerability Policy

PUT 
/api/v34.00/policies/vulnerability/ci/serverless

x-prisma-cloud-target-env: {"permission":"policyServerless"}

Updates the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. All rules in the policy are updated in a single shot.

The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the twistcli command line tool.

This endpoint maps to the policy table in Defend > Vulnerabilities > Functions > CI in the Console UI.

cURL Request

Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule:

$ curl 'https://<CONSOLE>/api/v<VERSION>/policies/vulnerability/ci/serverless' \
  -X PUT \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -d \
'{
  "rules": [
    {
      "name": "<RULE_NAME>",
      "collections": [
        {
           "name":"<COLLECTION_NAME>",
        }
      ],
      "alertThreshold": {
        "value": 1,
        "disabled": false
      },
      "blockThreshold": {
        "value": 0,
        "enabled": false
      },
      
      ...
      
    }
  ],
  "policyType": "ciServerlessVulnerability",
  
  ...
  
}'

Note: No response will be returned upon successful execution.

Request

application/json

Body

_idstring
Internal identifier.
policyTypecommon.PolicyType (string)
PolicyType represents the type of the policy
Possible values: [containerVulnerability,containerCompliance,ciImagesVulnerability,ciImagesCompliance,hostVulnerability,hostCompliance,vmVulnerability,vmCompliance,serverlessCompliance,ciServerlessCompliance,serverlessVulnerability,ciServerlessVulnerability,containerRuntime,appEmbeddedRuntime,containerAppFirewall,hostAppFirewall,outOfBandAppFirewall,agentlessAppFirewall,serverObserverAppFirewall,appEmbeddedAppFirewall,serverlessAppFirewall,networkFirewall,secrets,hostRuntime,serverlessRuntime,kubernetesAudit,trust,admission,codeRepoCompliance,ciCodeRepoCompliance,ciCodeRepoVulnerability,codeRepoVulnerability]
rules object[]
Rules holds all policy rules.
Array [
actionstring (string)[]
Action to take.
alertThreshold object
AlertThreshold is the vulnerability policy alert threshold Threshold values typically vary between 0 and 10 (noninclusive)
disabledboolean
Suppresses alerts for all vulnerabilities (true).
valuefloat
Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
allComplianceboolean
Reports the results of all compliance checks (both passed and failed) (true).
auditAllowedboolean
Specifies if Prisma Cloud audits successful transactions.
blockMsgcommon.PolicyBlockMsg (string)
PolicyBlockMsg represent the block message in a Policy
blockThreshold object
BlockThreshold is the vulnerability policy block threshold Threshold values typically vary between 0 and 10 (noninclusive)
enabledboolean
Enables blocking (true).
valuefloat
Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
collections object[]
List of collections. Used to scope the rule.
Array [
accountIDsstring (string)[]
List of account IDs.
appIDsstring (string)[]
List of application IDs.
clustersstring (string)[]
List of Kubernetes cluster names.
colorcommon.Color (string)
Color is a hexadecimal representation of color code value
containersstring (string)[]
List of containers.
descriptionstring
Free-form text.
functionsstring (string)[]
List of functions.
hostsstring (string)[]
List of hosts.
imagesstring (string)[]
List of images.
labelsstring (string)[]
List of labels.
modifieddate-time
Datetime when the collection was last modified.
namestring
Collection name. Must be unique.
namespacesstring (string)[]
List of Kubernetes namespaces.
ownerstring
User who created or last modified the collection.
prismaboolean
Indicates whether this collection originates from Prisma Cloud.
systemboolean
Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).
]
condition object
Conditions contains rule conditions. Conditions apply only for their respective policy type
devicestring
Allowed volume host device (wildcard). If a "container create" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.
readonlyboolean
Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).
vulnerabilities object[]
Block and scan severity-based vulnerabilities conditions.
Array [
blockboolean
Specifies the effect. If true, the effect is block.
idinteger
Vulnerability ID.
]
createPRboolean
CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).
cveRules object[]
List of CVE IDs classified for special handling (also known as exceptions).
Array [
descriptionstring
Free-form text for documenting the exception.
effectvuln.Effect (string)
Effect specifies relevant action for a vulnerability
Possible values: [ignore,alert,block]
expiration object
ExpirationDate is the vulnerability expiration date
datedate-time
Date is the vulnerability expiration date.
enabledboolean
Enabled indicates that the grace period is enabled.
idstring
CVE ID.
]
disabledboolean
Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).
effectcommon.PolicyEffect (string)
PolicyEffect state the effect of evaluating the given policy
Possible values: [allow,deny,block,alert]
excludeBaseImageVulnsboolean
ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.
graceDaysinteger
Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.
graceDaysPolicy object
GraceDaysPolicy indicates the grace days policy by severity
criticalinteger
.
enabledboolean
Enabled is an indication whether the the grace days by severity is enabled.
highinteger
.
lowinteger
.
mediuminteger
.
groupstring (string)[]
Applicable groups.
license object
LicenseConfig is the compliance policy license configuration
alertThreshold object
LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block) Threshold values typically vary between 0 and 10 (noninclusive)
enabledboolean
Enabled indicates that the action is enabled.
valuefloat
Value is the minimum severity score for which the action is enabled.
blockThreshold object
LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block) Threshold values typically vary between 0 and 10 (noninclusive)
enabledboolean
Enabled indicates that the action is enabled.
valuefloat
Value is the minimum severity score for which the action is enabled.
criticalstring (string)[]
Critical is the list of licenses with critical severity.
highstring (string)[]
High is the list of licenses with high severity.
lowstring (string)[]
Low is the list of licenses with low severity.
mediumstring (string)[]
Medium is the list of licenses with medium severity.
modifieddate-time
Specifies the date and time when the rule was last modified.
namestring
Name of the rule.
notesstring
Describes any noteworthy points for a rule. You can include any text.
onlyFixedboolean
Applies rule only when vendor fixes are available (true).
ownerstring
User who created or last modified the rule.
pkgTypesThresholds object[]
PkgTypesThresholds holds package type specific alert and block thresholds.
Array [
alertThreshold object
AlertThreshold is the vulnerability policy alert threshold Threshold values typically vary between 0 and 10 (noninclusive)
disabledboolean
Suppresses alerts for all vulnerabilities (true).
valuefloat
Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
blockThreshold object
BlockThreshold is the vulnerability policy block threshold Threshold values typically vary between 0 and 10 (noninclusive)
enabledboolean
Enables blocking (true).
valuefloat
Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.
typepackages.Type (string)
Type describes the package type
Possible values: [nodejs,gem,python,jar,package,windows,binary,nuget,go,app,unknown]
]
previousNamestring
Previous name of the rule. Required for rule renaming.
principalstring (string)[]
Applicable users.
riskFactorsEffects object[]
RiskFactorsEffects indicates the effect (alert/block) of each risk factor.
Array [
effectvuln.Effect (string)
Effect specifies relevant action for a vulnerability
Possible values: [ignore,alert,block]
riskFactorvulnerability.RiskFactor (string)
RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score
Possible values: [Critical severity,High severity,Medium severity,Has fix,Remote execution,DoS - Low,DoS - High,Recent vulnerability,Exploit exists - in the wild,Exploit exists - POC,Attack complexity: low,Attack vector: network,Reachable from the internet,Listening ports,Container is running as root,No mandatory security profile applied,Running as privileged container,Package in use,Sensitive information,Root mount,Runtime socket,Host access]
]
tags object[]
List of tags classified for special handling (also known as exceptions).
Array [
descriptionstring
Free-form text for documenting the exception.
effectvuln.Effect (string)
Effect specifies relevant action for a vulnerability
Possible values: [ignore,alert,block]
expiration object
ExpirationDate is the vulnerability expiration date
datedate-time
Date is the vulnerability expiration date.
enabledboolean
Enabled indicates that the grace period is enabled.
namestring
Tag name.
]
verboseboolean
Displays a detailed message when an operation is blocked (true).
]

Responses

200

OK

default

• curl
• python
• go
• nodejs
• csharp
• php

• CURL

curl -L -X PUT 'https://pan.dev/api/v34.00/policies/vulnerability/ci/serverless' \
-H 'Content-Type: application/json'

Request Collapse all

Body

{
  "_id": "string",
  "policyType": [
    "containerVulnerability",
    "containerCompliance",
    "ciImagesVulnerability",
    "ciImagesCompliance",
    "hostVulnerability",
    "hostCompliance",
    "vmVulnerability",
    "vmCompliance",
    "serverlessCompliance",
    "ciServerlessCompliance",
    "serverlessVulnerability",
    "ciServerlessVulnerability",
    "containerRuntime",
    "appEmbeddedRuntime",
    "containerAppFirewall",
    "hostAppFirewall",
    "outOfBandAppFirewall",
    "agentlessAppFirewall",
    "serverObserverAppFirewall",
    "appEmbeddedAppFirewall",
    "serverlessAppFirewall",
    "networkFirewall",
    "secrets",
    "hostRuntime",
    "serverlessRuntime",
    "kubernetesAudit",
    "trust",
    "admission",
    "codeRepoCompliance",
    "ciCodeRepoCompliance",
    "ciCodeRepoVulnerability",
    "codeRepoVulnerability"
  ],
  "rules": [
    {
      "action": [
        "string"
      ],
      "alertThreshold": {
        "disabled": true,
        "value": 0
      },
      "allCompliance": true,
      "auditAllowed": true,
      "blockMsg": "string",
      "blockThreshold": {
        "enabled": true,
        "value": 0
      },
      "collections": [
        {
          "accountIDs": [
            "string"
          ],
          "appIDs": [
            "string"
          ],
          "clusters": [
            "string"
          ],
          "color": "string",
          "containers": [
            "string"
          ],
          "description": "string",
          "functions": [
            "string"
          ],
          "hosts": [
            "string"
          ],
          "images": [
            "string"
          ],
          "labels": [
            "string"
          ],
          "modified": "2024-07-29T15:51:28.071Z",
          "name": "string",
          "namespaces": [
            "string"
          ],
          "owner": "string",
          "prisma": true,
          "system": true
        }
      ],
      "condition": {
        "device": "string",
        "readonly": true,
        "vulnerabilities": [
          {
            "block": true,
            "id": 0
          }
        ]
      },
      "createPR": true,
      "cveRules": [
        {
          "description": "string",
          "effect": [
            "ignore",
            "alert",
            "block"
          ],
          "expiration": {
            "date": "2024-07-29T15:51:28.071Z",
            "enabled": true
          },
          "id": "string"
        }
      ],
      "disabled": true,
      "effect": [
        "allow",
        "deny",
        "block",
        "alert"
      ],
      "excludeBaseImageVulns": true,
      "graceDays": 0,
      "graceDaysPolicy": {
        "critical": 0,
        "enabled": true,
        "high": 0,
        "low": 0,
        "medium": 0
      },
      "group": [
        "string"
      ],
      "license": {
        "alertThreshold": {
          "enabled": true,
          "value": 0
        },
        "blockThreshold": {
          "enabled": true,
          "value": 0
        },
        "critical": [
          "string"
        ],
        "high": [
          "string"
        ],
        "low": [
          "string"
        ],
        "medium": [
          "string"
        ]
      },
      "modified": "2024-07-29T15:51:28.071Z",
      "name": "string",
      "notes": "string",
      "onlyFixed": true,
      "owner": "string",
      "pkgTypesThresholds": [
        {
          "alertThreshold": {
            "disabled": true,
            "value": 0
          },
          "blockThreshold": {
            "enabled": true,
            "value": 0
          },
          "type": [
            "nodejs",
            "gem",
            "python",
            "jar",
            "package",
            "windows",
            "binary",
            "nuget",
            "go",
            "app",
            "unknown"
          ]
        }
      ],
      "previousName": "string",
      "principal": [
        "string"
      ],
      "riskFactorsEffects": [
        {
          "effect": [
            "ignore",
            "alert",
            "block"
          ],
          "riskFactor": [
            "Critical severity",
            "High severity",
            "Medium severity",
            "Has fix",
            "Remote execution",
            "DoS - Low",
            "DoS - High",
            "Recent vulnerability",
            "Exploit exists - in the wild",
            "Exploit exists - POC",
            "Attack complexity: low",
            "Attack vector: network",
            "Reachable from the internet",
            "Listening ports",
            "Container is running as root",
            "No mandatory security profile applied",
            "Running as privileged container",
            "Package in use",
            "Sensitive information",
            "Root mount",
            "Runtime socket",
            "Host access"
          ]
        }
      ],
      "tags": [
        {
          "description": "string",
          "effect": [
            "ignore",
            "alert",
            "block"
          ],
          "expiration": {
            "date": "2024-07-29T15:51:28.071Z",
            "enabled": true
          },
          "name": "string"
        }
      ],
      "verbose": true
    }
  ]
}