Threatrix Documentation
Policy Conditions


Last updated 3 years ago

Conditions

Conditions are the rules that define a policy. The policy rules architecture allows conditions to be combined with operators, similar to SQL, so a policy can be very simple or very sophisticated. The following are several examples of conditions and their purpose (screenshot captions):

  • A single condition that is triggered by any scan with more than 0 High severity vulnerabilities.
  • A combined condition that is triggered by any scan with more than 0 High severity vulnerabilities OR a CVSS3 score >= 6.
  • A combined condition that is triggered by any scan with more than 0 High severity vulnerabilities OR a CVSS3 score >= 6, but ONLY if the count of matching vulnerabilities is >= 10. The Auto Adjust flag automatically reduces the condition value "10", continually lowering the watermark for triggering this policy.

Subordinate Conditions

Subordinate conditions are qualifiers that apply to all of the conditions contained in the policy. Like conditions, multiple subordinate conditions may be combined with AND/OR operators.

Every subordinate condition must be met for the policy to trigger, even when all of the conditions are met. Note the following examples (screenshot captions):

  • Identical to the last example above, except that this policy will not trigger unless the Release Stage is Production.
  • The Scope condition is set to "Component", which requires all of the conditions to hold for a single component rather than across all scan results.
  • Project tags ensure that your policy is only triggered for projects that carry the included tags.

Scope conditions apply to the current scope and its subordinate scopes, based on the context of the policy. Organization policies apply to all entities and projects. Entity policies apply to the projects of that entity and to all projects of subordinate entities. Project-level policies apply to that project alone.
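The following Python model is an added example, not Threatrix code: it shows how the semantics above fit together, with per-finding conditions combined by OR/AND, subordinate qualifiers that must all hold before anything else is checked, a minimum match count, and the "Component" scope evaluated per component rather than over the whole scan. The Policy class, the finding field names and the sample scan are constructed assumptions, and the Auto Adjust watermark is deliberately not modelled.

```python
from collections import defaultdict
from typing import Callable, Dict, List

Finding = Dict[str, object]        # one vulnerability: component, severity, cvss3
Predicate = Callable[[Finding], bool]

# Condition leaves plus the AND/OR combinators the page describes.
def high_severity() -> Predicate:
    return lambda f: f["severity"] == "High"

def cvss3_at_least(score: float) -> Predicate:
    return lambda f: f["cvss3"] >= score

def any_of(*conds: Predicate) -> Predicate:   # OR
    return lambda f: any(c(f) for c in conds)

def all_of(*conds: Predicate) -> Predicate:   # AND
    return lambda f: all(c(f) for c in conds)

class Policy:
    """Hypothetical policy: a condition tree, subordinate qualifiers that must
    all hold, a scope ("scan" or "component") and a minimum match count."""
    def __init__(self, condition: Predicate, subordinate=(), scope: str = "scan",
                 min_matches: int = 1):
        self.condition = condition
        self.subordinate = list(subordinate)   # each: context dict -> bool
        self.scope = scope
        self.min_matches = min_matches         # "count of matches >= N"

    def evaluate(self, findings: List[Finding], context: dict) -> bool:
        # Every subordinate condition must be met, or the policy never triggers.
        if not all(q(context) for q in self.subordinate):
            return False
        # "component" scope: the conditions must hold within a single component;
        # "scan" scope evaluates them over all findings of the scan together.
        groups = defaultdict(list)
        for f in findings:
            groups[f["component"] if self.scope == "component" else "*"].append(f)
        return any(sum(1 for f in g if self.condition(f)) >= self.min_matches
                   for g in groups.values())

# Constructed sample scan (not real data) and the page's "High OR CVSS3 >= 6" rule.
SCAN = [
    {"component": "libfoo", "severity": "High", "cvss3": 7.5},
    {"component": "libfoo", "severity": "Medium", "cvss3": 6.1},
    {"component": "libbar", "severity": "Low", "cvss3": 3.1},
    {"component": "libbaz", "severity": "Medium", "cvss3": 6.5},
]
HIGH_OR_CVSS6 = any_of(high_severity(), cvss3_at_least(6))
```

With this scan the scan-scoped rule matches three findings, but the same rule under "component" scope only matches two within libfoo, which is why the page stresses that Component scope requires all conditions to hold for a single component.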