
Save new policy

Prisma Cloud Code Security supports policy-as-code capabilities using YAML-based policy definition files to enable attribute and connection checks (composite checks).

To use the API request, add your token to the header. The API accepts the Prisma Cloud Code Security custom policy schema in either YAML or JSON.

This API creates a new Prisma Cloud Code Security custom policy. The input is a code-based policy definition file; the output is the id of the new policy. If the definition is invalid, the output includes the definition errors instead. Use the example below as a reference for configuring the API request body for saving new policies.
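The request-body schema below is easier to read against a concrete policy. The following is an added example (not code from the page or from Palo Alto Networks) that builds one custom policy body using only the field names and enumerated values listed on this page, runs a client-side check for the kind of definition errors the API would otherwise return (unknown category, missing `value` for an operator that needs one, a `value` supplied with `exists`/`not_exists`, an invalid regex for `regex_match`), and serializes the body as JSON. The S3 resource type, attribute names and policy text are constructed sample values; the endpoint URL and the token header name are placeholders, since the page does not state them.

```python
"""Build and sanity-check a Prisma Cloud Code Security custom policy body.

Added example, not part of the original page or of the vendor's code. Field
names and enumerations come from the request-body schema on this page; the
resource type, attribute and policy text are constructed sample values, and
the endpoint URL and token header name are placeholders (assumptions).
"""
import json
import re

# Enumerations copied from the schema listing on this page.
CATEGORIES = {"elasticsearch", "general", "iam", "logging", "monitoring", "networking",
              "public", "secrets", "serverless", "storage", "kubernetes", "vulnerabilities",
              "compute", "vcs", "buildIntegrity", "licenses", "alibabacloud"}
SEVERITIES = {"critical", "high", "medium", "low", "info"}
PROVIDERS = {"aws", "gcp", "azure", "kubernetes", "oci", "openstack", "packages", "git",
             "linode", "digitalocean", "panos", "licenses", "alibabacloud"}
ATTRIBUTE_OPERATORS = {
    "within", "equals", "not_equals", "regex_match", "not_regex_match", "greater_than",
    "greater_than_or_equal", "less_than", "less_than_or_equal", "exists", "not_exists",
    "contains", "not_contains", "starting_with", "not_starting_with", "ending_with",
    "not_ending_with", "jsonpath_equals", "jsonpath_not_equals", "jsonpath_exists",
    "jsonpath_not_exists", "subset", "not_subset"}
VALUELESS_OPERATORS = {"exists", "not_exists"}  # the schema variants without a value field


def validate_condition(cond, path="definition"):
    """Return definition errors for one condition: an attribute check or an or/not composite."""
    errors = []
    if not isinstance(cond, dict):
        return [f"{path}: condition must be an object"]
    # Composite checks: 'or' and 'not' each hold an array of nested conditions.
    if "or" in cond or "not" in cond:
        for key in ("or", "not"):
            if key not in cond:
                continue
            if not isinstance(cond[key], list) or not cond[key]:
                errors.append(f"{path}.{key}: must be a non-empty array of conditions")
                continue
            for i, sub in enumerate(cond[key]):
                errors += validate_condition(sub, f"{path}.{key}[{i}]")
        return errors
    # Attribute check: cond_type, resource_types, attribute and operator are required.
    if cond.get("cond_type") != "attribute":
        errors.append(f"{path}.cond_type: must be 'attribute'")
    rt = cond.get("resource_types")
    if not (isinstance(rt, list) and rt and all(isinstance(r, str) for r in rt)):
        errors.append(f"{path}.resource_types: must be a non-empty array of strings")
    if not isinstance(cond.get("attribute"), str):
        errors.append(f"{path}.attribute: required string")
    op = cond.get("operator")
    if op not in ATTRIBUTE_OPERATORS:
        errors.append(f"{path}.operator: unknown operator {op!r}")
    elif op in VALUELESS_OPERATORS:
        if "value" in cond:
            errors.append(f"{path}.value: not allowed with operator {op!r}")
    elif "value" not in cond:
        errors.append(f"{path}.value: required for operator {op!r}")
    elif op in ("regex_match", "not_regex_match"):
        try:  # a regex that does not compile is a definition error, not a silent no-match
            re.compile(cond["value"])
        except re.error as exc:
            errors.append(f"{path}.value: invalid regex ({exc})")
    return errors


def validate_policy(policy):
    """Return definition errors for a whole policy body; an empty list means it is well-formed."""
    errors = []
    meta = policy.get("metadata", {})
    for field in ("name", "guidelines", "category", "severity"):
        if not isinstance(meta.get(field), str):
            errors.append(f"metadata.{field}: required string")
    if meta.get("category") not in CATEGORIES:
        errors.append(f"metadata.category: unknown category {meta.get('category')!r}")
    if meta.get("severity") not in SEVERITIES:
        errors.append(f"metadata.severity: unknown severity {meta.get('severity')!r}")
    if policy.get("scope", {}).get("provider") not in PROVIDERS:
        errors.append("scope.provider: required, must be one of the listed providers")
    if "definition" not in policy:
        errors.append("definition: required")
    else:
        errors += validate_condition(policy["definition"])
    return errors


# Constructed sample policy: an aws_s3_bucket passes if its acl is "private" or no acl is set.
SAMPLE_POLICY = {
    "metadata": {
        "name": "S3 bucket ACL must be private or unset",
        "guidelines": "Remove public ACLs from aws_s3_bucket resources or set acl to private.",
        "category": "storage",
        "severity": "high",
    },
    "scope": {"provider": "aws"},
    "definition": {
        "or": [
            {"cond_type": "attribute", "resource_types": ["aws_s3_bucket"],
             "attribute": "acl", "operator": "equals", "value": "private"},
            {"cond_type": "attribute", "resource_types": ["aws_s3_bucket"],
             "attribute": "acl", "operator": "not_exists"},
        ]
    },
}


def prepare_request(policy, token):
    """Validate locally, then return the JSON body and headers for the save-policy call.

    The header name 'authorization' and the URL are assumptions; the page only says to
    add the token to the header. Raises ValueError listing the definition errors instead
    of sending a body the API would reject.
    """
    errors = validate_policy(policy)
    if errors:
        raise ValueError("definition errors: " + "; ".join(errors))
    return {
        "url": "https://<prisma-cloud-host>/<save-new-policy-endpoint>",  # placeholder
        "headers": {"authorization": token, "content-type": "application/json"},
        "body": json.dumps(policy, indent=2),
    }


if __name__ == "__main__":
    print(prepare_request(SAMPLE_POLICY, "<token-placeholder>")["body"])
```

Run the file to print the JSON body; the same dictionary dumped with a YAML library yields the YAML form the API also accepts. The `or`/`not` branches and the `exists`/`not_exists` variants mirror the `anyOf` alternatives in the schema listing below, and rejecting malformed definitions before the call keeps the API's own error output as the second line of defense rather than the first.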

Request Body required
  • benchmarks object
  • property name* object
  • Array [
  • string
  • ]
  • category CategoryType

    Possible values: [elasticsearch, general, iam, logging, monitoring, networking, public, secrets, serverless, storage, kubernetes, vulnerabilities, compute, vcs, buildIntegrity, licenses, alibabacloud]

  • code object
  • anyOf

  • definition object required
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • not object
  • anyOf

  • Array [
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • or object[]
  • Array [
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • metadata object required
  • category CategoryType required

    Possible values: [elasticsearch, general, iam, logging, monitoring, networking, public, secrets, serverless, storage, kubernetes, vulnerabilities, compute, vcs, buildIntegrity, licenses, alibabacloud]

  • guidelines string required
  • name string required
  • severity SeverityType required

    Possible values: [critical, high, medium, low, info]

  • scope object required
  • provider ProviderType required

    Possible values: [aws, gcp, azure, kubernetes, oci, openstack, packages, git, linode, digitalocean, panos, licenses, alibabacloud]

  • conditions object
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • not object
  • anyOf

  • Array [
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • or object[]
  • Array [
  • anyOf

  • attribute string required
  • cond_type string required

    Possible values: [attribute]

  • operator AttributeOperator required

    Possible values: [within, equals, not_equals, regex_match, not_regex_match, greater_than, greater_than_or_equal, less_than, less_than_or_equal, exists, not_exists, contains, not_contains, starting_with, not_starting_with, ending_with, not_ending_with, jsonpath_equals, jsonpath_not_equals, jsonpath_exists, jsonpath_not_exists, subset, not_subset]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • value object
  • anyOf

  • string
  • operator string required

    Possible values: [exists, not_exists]

  • resource_types object required
  • anyOf

  • Array [
  • string
  • ]
  • ]
  • frameworks FrameworkType[]

    Possible values: [Terraform, CloudFormation, Kubernetes, TerraformPlan, Helm, Kustomize, Serverless, ARM, Bicep, Git, AWS, GCP, Azure, DockerImage, Docker, Vulnerabilities, VCS, OpenAPI, GithubAction, SCA]

  • guidelines string
  • provider ProviderType

    Possible values: [aws, gcp, azure, kubernetes, oci, openstack, packages, git, linode, digitalocean, panos, licenses, alibabacloud]

  • severity SeverityType

    Possible values: [critical, high, medium, low, info]

  • title string
  • Responses

    Save a new policy data


    Schema
    • anyOf

    • message string required