curl --request GET \
--url https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules \
--header 'Authorization: Bearer <token>'import requests
url = "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"policy": {
"id": "1",
"isDefault": true,
"name": "Global Policy",
"productType": "PRODUCT_TYPE_SAST",
"slug": "global_policy"
},
"rules": [
{
"id": "1",
"policyMode": "MODE_MONITOR",
"path": "python.rule.1",
"source": "SOURCE_COMMUNITY",
"severity": "SEVERITY_HIGH",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": [
"A07: Cross-Site Scripting (XSS)"
],
"technologies": [
"django",
"flask"
],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.1",
"registryMaintainer": "semgrep"
},
{
"id": "2",
"policyMode": "MODE_COMMENT",
"path": "python.rule.shared",
"source": "SOURCE_PRO",
"severity": "SEVERITY_MEDIUM",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [
"comment",
"default"
],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": [
"A01:2021 - Broken Access Control",
"A07: Cross-Site Scripting (XSS)"
],
"technologies": [
"django",
"flask"
],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.shared",
"registryMaintainer": "semgrep"
},
{
"id": "3",
"policyMode": "MODE_BLOCK",
"path": "python.rule.custom_rule",
"source": "SOURCE_CUSTOM",
"severity": "SEVERITY_MEDIUM",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"lastChangeBy": "example-user",
"category": "best-practice",
"owaspCategories": [],
"technologies": [
"django",
"flask"
],
"cweCategories": [],
"url": "https://semgrep.com/r/123/python.rule.custom_rule",
"registryMaintainer": "semgrep"
}
],
"cursor": "Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI"
}List Policy Rules
List the rules for a given policy.
curl --request GET \
--url https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules \
--header 'Authorization: Bearer <token>'import requests
url = "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules"
headers = {"Authorization": "Bearer <token>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
fetch('https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <token>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules")
.header("Authorization", "Bearer <token>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v1/deployments/{deploymentId}/{policyId}/rules")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
response = http.request(request)
puts response.read_body{
"policy": {
"id": "1",
"isDefault": true,
"name": "Global Policy",
"productType": "PRODUCT_TYPE_SAST",
"slug": "global_policy"
},
"rules": [
{
"id": "1",
"policyMode": "MODE_MONITOR",
"path": "python.rule.1",
"source": "SOURCE_COMMUNITY",
"severity": "SEVERITY_HIGH",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": [
"A07: Cross-Site Scripting (XSS)"
],
"technologies": [
"django",
"flask"
],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.1",
"registryMaintainer": "semgrep"
},
{
"id": "2",
"policyMode": "MODE_COMMENT",
"path": "python.rule.shared",
"source": "SOURCE_PRO",
"severity": "SEVERITY_MEDIUM",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [
"comment",
"default"
],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": [
"A01:2021 - Broken Access Control",
"A07: Cross-Site Scripting (XSS)"
],
"technologies": [
"django",
"flask"
],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.shared",
"registryMaintainer": "semgrep"
},
{
"id": "3",
"policyMode": "MODE_BLOCK",
"path": "python.rule.custom_rule",
"source": "SOURCE_CUSTOM",
"severity": "SEVERITY_MEDIUM",
"languages": [
"python"
],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": [
"Improper Authentication"
],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"lastChangeBy": "example-user",
"category": "best-practice",
"owaspCategories": [],
"technologies": [
"django",
"flask"
],
"cweCategories": [],
"url": "https://semgrep.com/r/123/python.rule.custom_rule",
"registryMaintainer": "semgrep"
}
],
"cursor": "Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI"
}Authorizations
Get access to data with your API token. Example header:
Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628
The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.
Path Parameters
The unique numerical identifier for the deployment.
123
The unique numerical identifier for the policy. Find your policy's ID via the List Policies endpoint.
456
Query Parameters
Cursor to paginate through the rules. Provide a cursor value from the response to retrieve the next page.
Page size to paginate through the rules. The default page size is 500 and the maximum allowed page size is 2000.
Response
OK
Show child attributes
Show child attributes
List of Rules for the given Policy.
Show child attributes
Show child attributes
[
{
"id": "1",
"policyMode": "MODE_MONITOR",
"path": "python.rule.1",
"source": "SOURCE_COMMUNITY",
"severity": "SEVERITY_HIGH",
"languages": ["python"],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": ["Improper Authentication"],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": ["A07: Cross-Site Scripting (XSS)"],
"technologies": ["django", "flask"],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.1",
"registryMaintainer": "semgrep"
},
{
"id": "2",
"policyMode": "MODE_COMMENT",
"path": "python.rule.shared",
"source": "SOURCE_PRO",
"severity": "SEVERITY_MEDIUM",
"languages": ["python"],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": ["Improper Authentication"],
"rulesets": ["comment", "default"],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"category": "security",
"owaspCategories": [
"A01:2021 - Broken Access Control",
"A07: Cross-Site Scripting (XSS)"
],
"technologies": ["django", "flask"],
"cweCategories": [
"CWE-918: Server-Side Request Forgery (SSRF)"
],
"url": "https://semgrep.com/r/123/python.rule.shared",
"registryMaintainer": "semgrep"
},
{
"id": "3",
"policyMode": "MODE_BLOCK",
"path": "python.rule.custom_rule",
"source": "SOURCE_CUSTOM",
"severity": "SEVERITY_MEDIUM",
"languages": ["python"],
"confidence": "CONFIDENCE_HIGH",
"vulnerabilityClass": ["Improper Authentication"],
"rulesets": [],
"lastChangeAt": "2024-07-29T22:33:37.380293Z",
"lastChangeBy": "example-user",
"category": "best-practice",
"owaspCategories": [],
"technologies": ["django", "flask"],
"cweCategories": [],
"url": "https://semgrep.com/r/123/python.rule.custom_rule",
"registryMaintainer": "semgrep"
}
]
Cursor to paginate through the rules.
"Pm0ROjIwMjQtMDItMDYgMjA6MDQ6NDguMEDzNzk2fmk6NYTM2zUxOTI"
Was this page helpful?