Associating a policy with an application

If you have the required permissions, you can associate one or more policies with an application, either through the user interface or the REST API. Associating a policy with an application allows you to evaluate an application's compliance with those policies and focus remediation on related vulnerabilities.

Associating policies through the user interface

To associate a pre-defined policy with an application:
  1. Click Policies from the menu.
  2. On the Policies page, choose one of the pre-defined policies:
    • Baseline
    • CWE/SANS top 25 most dangerous errors
    • EU General Data Protection Regulation (GDPR)
    • OWASP top 10 2017
    • PCI compliance
    • US Health Insurance Portability and Accountability Act (HIPAA)
  3. Check the applications with which to associate the policy.
  4. Click Associate.
    Note: When you associate one or more policies with an application, each policy is enabled by default. You can disable a policy while maintaining the association, and re-enable it later.
  5. If you are using the Baseline policy, select a date.

    All issues found from this date forward are considered non-compliant.

To disassociate a policy from an application:
  1. Click Policies from the menu.
  2. Select one of the available policies.
  3. Check the application associated with the selected policy.
  4. Click Disassociate.

Associating policies using the REST API

For each policy that requires parameter values, and for which values are not provided in the policy expression, you must provide the value for the Policy parameter. Note that when entering the parameter name, you must remove the $ sign.

When you submit the API call, any parameter values you entered are validated.

The following APIs control the association of a policy with an app. This is how they appear in Swagger: