curl --request PUT \
--url https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
}
}
'import requests
url = "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}"
payload = { "bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": ["p/owasp-top-10", "p/cwe-top-25"],
"rules": ["python.lang.security.audit.dangerous-system-call"],
"disabled": ["python.lang.security.audit.dangerous-eval"],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
} }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.put(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PUT',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
bundle: {
deployment_slug: 'my-org',
product: 'code',
rulesets: ['p/owasp-top-10', 'p/cwe-top-25'],
rules: ['python.lang.security.audit.dangerous-system-call'],
disabled: ['python.lang.security.audit.dangerous-eval'],
exceptions: [
{
exception_type: 'exclude',
rule: 'python.lang.security.audit.dangerous-system-call',
rule_type: 'rule',
project: 'my-org/legacy-svc',
project_tag_name: 'segment'
}
]
}
})
};
fetch('https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'bundle' => [
'deployment_slug' => 'my-org',
'product' => 'code',
'rulesets' => [
'p/owasp-top-10',
'p/cwe-top-25'
],
'rules' => [
'python.lang.security.audit.dangerous-system-call'
],
'disabled' => [
'python.lang.security.audit.dangerous-eval'
],
'exceptions' => [
[
'exception_type' => 'exclude',
'rule' => 'python.lang.security.audit.dangerous-system-call',
'rule_type' => 'rule',
'project' => 'my-org/legacy-svc',
'project_tag_name' => 'segment'
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}"
payload := strings.NewReader("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
req, _ := http.NewRequest("PUT", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.put("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}"
response = http.request(request)
puts response.read_body{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
},
"state_version": "e5f6a7b8"
}Apply a detection policy
Strictly applies a candidate detection policy bundle for one product: the submitted bundle replaces the current state, and exceptions absent from it are deleted. Requires the current state_version in the If-Match header; responds 428 when the header is missing and 409 with the current state_version when it is stale. The apply is atomic for the product’s bundle.
curl --request PUT \
--url https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product} \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
}
}
'import requests
url = "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}"
payload = { "bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": ["p/owasp-top-10", "p/cwe-top-25"],
"rules": ["python.lang.security.audit.dangerous-system-call"],
"disabled": ["python.lang.security.audit.dangerous-eval"],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
} }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.put(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'PUT',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
bundle: {
deployment_slug: 'my-org',
product: 'code',
rulesets: ['p/owasp-top-10', 'p/cwe-top-25'],
rules: ['python.lang.security.audit.dangerous-system-call'],
disabled: ['python.lang.security.audit.dangerous-eval'],
exceptions: [
{
exception_type: 'exclude',
rule: 'python.lang.security.audit.dangerous-system-call',
rule_type: 'rule',
project: 'my-org/legacy-svc',
project_tag_name: 'segment'
}
]
}
})
};
fetch('https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => json_encode([
'bundle' => [
'deployment_slug' => 'my-org',
'product' => 'code',
'rulesets' => [
'p/owasp-top-10',
'p/cwe-top-25'
],
'rules' => [
'python.lang.security.audit.dangerous-system-call'
],
'disabled' => [
'python.lang.security.audit.dangerous-eval'
],
'exceptions' => [
[
'exception_type' => 'exclude',
'rule' => 'python.lang.security.audit.dangerous-system-call',
'rule_type' => 'rule',
'project' => 'my-org/legacy-svc',
'project_tag_name' => 'segment'
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}"
payload := strings.NewReader("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
req, _ := http.NewRequest("PUT", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.put("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Put.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}"
response = http.request(request)
puts response.read_body{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
},
"state_version": "e5f6a7b8"
}Authorizations
Get access to data with your API token. Example header:
Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628
The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.
Path Parameters
The unique numerical identifier for the deployment.
1234
The product the bundle applies to. One of: code, secrets.
"code"
Body
The bundle to apply. It replaces the current state for the product: exceptions absent from it are deleted.
Show child attributes
Show child attributes
Was this page helpful?