我们正在尝试使用 API 使用 curl 命令在 X-Ray 中创建策略。这是用于参考
https://www.jfrog.com/confluence/display/XRAY/Xray+REST+API#XrayRESTAPI-CreatePolicy 的网址
我们尝试使用以下命令,但没有运气。
curl -v -u userid:password -X POST "http://jfrogxray-scanner.com/api/v1/policies" -d '{"priority":"1", "name":"sample"}' -d criteria='{"type":"minimum_security","value":"major"}'
我们不确定是否需要添加更多数据来使用 API 调用创建策略。 如果我们需要在 curl 命令中提供更多数据以获得下面的输出,我们该怎么做。
{
"name": "some security policy",
"description": "some security policy description",
"type": "security",
"rules": [
{
"priority": 1,
"name": "Major and above",
"criteria": [{type: "minimum_severity", value: "Major"}],
"actions": [
{type: "email", value: ["elady@jfrog.com","chenk@jfrog.com"]},
{type: "webhook", value: ["some_webhook", "some_webhook2"]},
{type: "fail_build", value: "true"},
{type: "block_download", value: "true, block_unscanned"}
]
},
{
"priority": 2,
"name": "All vulnerabilities",
"criteria": ["minimum_severity":"All"],
"actions": [
{type: "webhook", value: ["some_webhook", "some_webhook2"]}
]
}
],
"assigned_watches": ["some_watch", "some_other_watch"]
}
非常感谢您的见解!
documentation has been updated:
here are some examples :
-- Example 1
{
"name": "securityPolicy",
"type": "security",
"description": "some description",
"author": "new-user",
"rules": [
{
"name": "securityRule",
"priority": 1,
"criteria": {
"min_severity": "Critical"
},
"actions": {
"mails": [
"mail1@gmail.com",
"mail2@gmail.com"
],
"fail_build": true,
"block_download": {
"unscanned": true,
"active": true
}
}
}
],
"assigned_watches": ["some_watch", "some_other_watch"]
}
-- Example 2
{
"name": "licensesPolicy",
"type": "license",
"description": "some description",
"author": "new-user",
"rules": [
{
"name": "LicenseRule",
"priority": 1,
"criteria": {
"allowed_licenses": [
"0BSD",
"AAL"
],
"allow_unknown": true
}
}
]
}