Associating a policy with an application

If you have the required permissions, you can associate one or more policies with an application, either through the user interface or the REST API. Associating a policy with an application allows you to evaluate an application's compliance with those policies and focus remediation on related vulnerabilities.

Associating policies through the user interface

To associate a pre-defined policy with an application:
  1. On the toolbar, click Organization > Policies.
  2. On the Policies page, choose one of the existing policies.

    A pane opens on the right of the screen showing the applications currently associated with this policy.

  3. Click Associate with applications.
  4. Optionally use the Filter drop-down to filter the list of available applications.
  5. From the Select applications drop-down, select one or more applications to associate the policy, then click Save
    Note: When you associate a policy with an application, it is enabled by default. You can disable the policy while maintaining the association, and re-enable it later.
    Note: Applications that already have the maximum five policies associated with them (apart from the Baseline policy) appear grayed out.

Associating policies using the REST API

For each policy that requires parameter values, and for which values are not provided in the policy expression, you must provide the value for the Policy parameter. Note that when entering the parameter name you must remove the $ sign.

When you submit the API call, any parameter values you entered are validated.

The following APIs control the association of a policy with an app. This is how they appear in Swagger: