curl --request POST \
--url https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
}
}
'import requests
url = "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun"
payload = { "bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": ["p/owasp-top-10", "p/cwe-top-25"],
"rules": ["python.lang.security.audit.dangerous-system-call"],
"disabled": ["python.lang.security.audit.dangerous-eval"],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
} }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
bundle: {
deployment_slug: 'my-org',
product: 'code',
rulesets: ['p/owasp-top-10', 'p/cwe-top-25'],
rules: ['python.lang.security.audit.dangerous-system-call'],
disabled: ['python.lang.security.audit.dangerous-eval'],
exceptions: [
{
exception_type: 'exclude',
rule: 'python.lang.security.audit.dangerous-system-call',
rule_type: 'rule',
project: 'my-org/legacy-svc',
project_tag_name: 'segment'
}
]
}
})
};
fetch('https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'bundle' => [
'deployment_slug' => 'my-org',
'product' => 'code',
'rulesets' => [
'p/owasp-top-10',
'p/cwe-top-25'
],
'rules' => [
'python.lang.security.audit.dangerous-system-call'
],
'disabled' => [
'python.lang.security.audit.dangerous-eval'
],
'exceptions' => [
[
'exception_type' => 'exclude',
'rule' => 'python.lang.security.audit.dangerous-system-call',
'rule_type' => 'rule',
'project' => 'my-org/legacy-svc',
'project_tag_name' => 'segment'
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun"
payload := strings.NewReader("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}"
response = http.request(request)
puts response.read_body{
"creates": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"updates": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"deletes": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"state_version": "a1b2c3d4",
"validation_errors": [
{
"code": "UNSUPPORTED_ACTION_TYPE",
"message": "<string>",
"policy_slug": "<string>",
"context": {}
}
]
}Preview a detection policy apply
Validates a candidate detection policy bundle and returns the diff a strict apply would produce, without changing anything. The response includes the state_version the diff was computed against; send that exact value as If-Match on the follow-up PUT to guarantee you apply the diff you previewed.
curl --request POST \
--url https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": [
"p/owasp-top-10",
"p/cwe-top-25"
],
"rules": [
"python.lang.security.audit.dangerous-system-call"
],
"disabled": [
"python.lang.security.audit.dangerous-eval"
],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
}
}
'import requests
url = "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun"
payload = { "bundle": {
"deployment_slug": "my-org",
"product": "code",
"rulesets": ["p/owasp-top-10", "p/cwe-top-25"],
"rules": ["python.lang.security.audit.dangerous-system-call"],
"disabled": ["python.lang.security.audit.dangerous-eval"],
"exceptions": [
{
"exception_type": "exclude",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule",
"project": "my-org/legacy-svc",
"project_tag_name": "segment"
}
]
} }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
bundle: {
deployment_slug: 'my-org',
product: 'code',
rulesets: ['p/owasp-top-10', 'p/cwe-top-25'],
rules: ['python.lang.security.audit.dangerous-system-call'],
disabled: ['python.lang.security.audit.dangerous-eval'],
exceptions: [
{
exception_type: 'exclude',
rule: 'python.lang.security.audit.dangerous-system-call',
rule_type: 'rule',
project: 'my-org/legacy-svc',
project_tag_name: 'segment'
}
]
}
})
};
fetch('https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'bundle' => [
'deployment_slug' => 'my-org',
'product' => 'code',
'rulesets' => [
'p/owasp-top-10',
'p/cwe-top-25'
],
'rules' => [
'python.lang.security.audit.dangerous-system-call'
],
'disabled' => [
'python.lang.security.audit.dangerous-eval'
],
'exceptions' => [
[
'exception_type' => 'exclude',
'rule' => 'python.lang.security.audit.dangerous-system-call',
'rule_type' => 'rule',
'project' => 'my-org/legacy-svc',
'project_tag_name' => 'segment'
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun"
payload := strings.NewReader("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.example.com/api/policies/v2/deployments/{deploymentId}/detection-policy/{product}:dryRun")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"bundle\": {\n \"deployment_slug\": \"my-org\",\n \"product\": \"code\",\n \"rulesets\": [\n \"p/owasp-top-10\",\n \"p/cwe-top-25\"\n ],\n \"rules\": [\n \"python.lang.security.audit.dangerous-system-call\"\n ],\n \"disabled\": [\n \"python.lang.security.audit.dangerous-eval\"\n ],\n \"exceptions\": [\n {\n \"exception_type\": \"exclude\",\n \"rule\": \"python.lang.security.audit.dangerous-system-call\",\n \"rule_type\": \"rule\",\n \"project\": \"my-org/legacy-svc\",\n \"project_tag_name\": \"segment\"\n }\n ]\n }\n}"
response = http.request(request)
puts response.read_body{
"creates": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"updates": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"deletes": [
{
"kind": "DetectionPolicyException",
"key": {
"product": "code",
"scope_type": "project_tag",
"scope_target": "segment",
"rule": "python.lang.security.audit.dangerous-system-call",
"rule_type": "rule"
},
"before": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
},
"after": {
"rulesets": [
"<string>"
],
"rules": [
"<string>"
],
"disabled": [
"<string>"
],
"exception_type": "exclude"
}
}
],
"state_version": "a1b2c3d4",
"validation_errors": [
{
"code": "UNSUPPORTED_ACTION_TYPE",
"message": "<string>",
"policy_slug": "<string>",
"context": {}
}
]
}Authorizations
Get access to data with your API token. Example header:
Authorization: Bearer 2991e2fb4b540fe75b8f90677b0b892b6314e4961cb001fe6eb452eee248a628
The token can be provisioned from the Tokens section in your Settings, and requires explicitly enabling Web API access.
Path Parameters
The unique numerical identifier for the deployment.
1234
The product the candidate bundle applies to. One of: code, secrets.
"code"
Body
The candidate bundle to diff against the current state.
Show child attributes
Show child attributes
Response
OK
Exceptions that the apply would create.
Show child attributes
Show child attributes
The detection policy and exceptions that the apply would update.
Show child attributes
Show child attributes
Exceptions that the apply would delete.
Show child attributes
Show child attributes
The state_version the diff was computed against. Send this exact value as the If-Match header on the follow-up PUT.
"a1b2c3d4"
Validation problems with the candidate bundle. When non-empty, the diff fields are empty and a strict apply would be rejected.
Show child attributes
Show child attributes
Was this page helpful?