Policy Waiver Request REST API
This API can be used to create, retrieve, update and delete policy waiver requests.
Methods Supported:
GET
POST
PUT
GET Existing Waiver Requests
GET api/v2/policyWaiverRequests/{ownerType: application|organization|repository|repository_manager|repository_container}/{ownerId}/{policyWaiverRequestId}
Use this method to retrieve an existing waiver request by specifying the policyWaiverRequestId.
Input Parameter | Required | Description |
---|---|---|
ownerType | Yes | The scope of the policy waiver request. Possible values are application, organization, repository, repository_manager or repository_container. |
ownerId | Yes | The identifier for the ownerType provided above. |
policyWaiverRequestId | Yes | The identifier for the waiver request for which you want to retrieve the details. |
Example:
curl -u admin:admin123 -X GET http://localhost:8070/api/v2/policyWaiverRequests/application/68cc2742858f4bf7888bc34f9e95ad3d/3058258b647e45c8ad25b6b150297cca
Response:
The response contains the waiver request details for the specified policyWaiverRequestId.
{ "policyName": "Security-High", "scopeOwnerType": "application", "scopeOwnerName": "Pub Test", "noteToReviewer": "Optional notes giving more details to the reviewer.", "componentIdentifier": { "coordinates": { "version": "1.0.0", "name": "croupier" }, "format": "pub" }, "scopeOwnerId": "68cc2742858f4bf7888bc34f9e95ad3d", "status": "REQUESTED", "policyId": "42cd0281505a4271a3cd46836e267665", "requesterName": "Admin BuiltIn", "policyWaiverRequestId": "3058258b647e45c8ad25b6b150297cca", "policyWaiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "vulnerabilityId": "CVE-2022-23540", "associatedPackageUrl": "pkg:pub/croupier@1.0.0", "constraintFactsJson": "[{\"constraintId\":\"7f1d44a9e880487ab6a818be8c5962a4\",\"constraintName\":\"High risk CVSS score\",\"operatorName\":\"AND\",\"conditionFacts\":[{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":0,\"summary\":\"Security Vulnerability Severity >= 7\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":0,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"},{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":1,\"summary\":\"Security Vulnerability Severity < 9\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":1,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"}]}]", "constraintFacts": [ { "conditionFacts": [ { "triggerJson": "{\"conditionIndex\":0,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)", "summary": "Security Vulnerability Severity >= 7", "conditionIndex": 0, 
"conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } },{ "triggerJson": "{\"conditionIndex\":1,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)", "summary": "Security Vulnerability Severity < 9", "conditionIndex": 1, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } }], "operatorName": "AND", "constraintId": "7f1d44a9e880487ab6a818be8c5962a4", "constraintName": "High risk CVSS score" }], "comment": "Optional comments explaining why the policy violation is waived.", "displayName": { "parts": [ { "value": "croupier", "field": "Name" },{ "value": " : " },{ "value": "1.0.0", "field": "Version" }], "name": "croupier" }, "hash": "794b85b341e1fa0a149a", "matcherStrategy": "EXACT_COMPONENT", "policyViolationId": "a0d65d48322c4056b1bd3d79ba7e696b", "reasonText": "Acknowledged violation", "expiryTime": "2025-12-26T00:00:00.000+0000", "requesterId": "admin", "requestTime": "2025-05-30T15:00:51.438+0000", "expireWhenRemediationAvailable": false }
POST for New Policy Waiver Request
POST api/v2/policyWaiverRequests/{ownerType: application|organization|repository|repository_manager|repository_container}/{ownerId}/policyViolation/{policyViolationId}
Use this method to create a new waiver request for a policy violation at the application, organization, or repository level.
Input Parameters | Required | Description |
---|---|---|
ownerType | Yes | The scope of the policy waiver request. Possible values are application, organization, repository, repository_manager or repository_container. |
ownerId | Yes | The identifier for the ownerType provided above. |
policyViolationId | Yes | The policyViolationId for the policy violation on which you want to create a policy waiver request. Use the Policy Violation REST API or Report REST API to obtain the policyViolationId. |
The details for the policy waiver request can be included in the JSON payload as below:
Payload Example:
{ "matcherStrategy": "ALL_COMPONENTS", "expiryTime": "2025-12-26T00:00:00.000+0000", "expireWhenRemediationAvailable": false, "waiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "comment": "Optional comments explaining why the policy violation is waived.", "noteToReviewer": "Optional notes giving more details to the reviewer." }
Property | Default Value | Description |
---|---|---|
matcherStrategy | | Enumeration field. Possible values: EXACT_COMPONENT, ALL_COMPONENTS, ALL_VERSIONS |
expiryTime | null | Optional, datetime to indicate expiry time of the waiver. |
expireWhenRemediationAvailable | false | Indicates if the policy waiver (if the policy waiver request is approved) should expire when a remediation is available. |
waiverReasonId | null | The id associated with the waiver reason. Use the Waiver Reason REST API for available waiver reasons and the corresponding ids. |
comment | null | Optional, describes the waiver request. |
noteToReviewer | null | Optional, additional details for the reviewer to justify the waiver request. |
Example:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"matcherStrategy": "ALL_COMPONENTS", "expiryTime": "2025-12-26T00:00:00.000+0000", "expireWhenRemediationAvailable": false, "waiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "comment": "Optional comments explaining why the policy violation is waived.", "noteToReviewer": "Optional notes giving more details to the reviewer."}' http://localhost:8070/api/v2/policyWaiverRequests/application/68cc2742858f4bf7888bc34f9e95ad3d/policyViolation/a0d65d48322c4056b1bd3d79ba7e696b
Response:
{ "policyName": "Security-High", "scopeOwnerType": "application", "scopeOwnerName": "Test App", "noteToReviewer": "Optional notes giving more details to the reviewer.", "componentIdentifier": null, "scopeOwnerId": "68cc2742858f4bf7888bc34f9e95ad3d", "status": "REQUESTED", "policyId": "42cd0281505a4271a3cd46836e267665", "requesterName": "Admin BuiltIn", "policyWaiverRequestId": "3058258b647e45c8ad25b6b150297cca", "policyWaiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "vulnerabilityId": "CVE-2022-23540", "associatedPackageUrl": null, "constraintFactsJson": "[{\"constraintId\":\"7f1d44a9e880487ab6a818be8c5962a4\",\"constraintName\":\"High risk CVSS score\",\"operatorName\":\"AND\",\"conditionFacts\":[{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":0,\"summary\":\"Security Vulnerability Severity >= 7\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":0,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"},{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":1,\"summary\":\"Security Vulnerability Severity < 9\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":1,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"}]}]", "constraintFacts": [ { "conditionFacts": [ { "triggerJson": "{\"conditionIndex\":0,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)", "summary": "Security Vulnerability Severity >= 7", "conditionIndex": 0, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": 
"SECURITY_VULNERABILITY_REFID" } },{ "triggerJson": "{\"conditionIndex\":1,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)", "summary": "Security Vulnerability Severity < 9", "conditionIndex": 1, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } }], "operatorName": "AND", "constraintId": "7f1d44a9e880487ab6a818be8c5962a4", "constraintName": "High risk CVSS score" }], "comment": "Optional comments explaining why the policy violation is waived.", "displayName": null, "hash": null, "matcherStrategy": "ALL_COMPONENTS", "policyViolationId": "a0d65d48322c4056b1bd3d79ba7e696b", "reasonText": "Acknowledged violation", "expiryTime": "2025-12-26T00:00:00.000+0000", "requesterId": "admin", "requestTime": "2025-05-30T15:00:51.438+0000", "expireWhenRemediationAvailable": false }
POST to Review (Approve or Reject) a Policy Waiver Request
POST api/v2/policyWaiverRequests/{ownerType: application|organization|repository|repository_manager|repository_container}/{ownerId}/review/{policyWaiverRequestId}
Use this method to approve or reject a request for a policy violation waiver.
Input Parameters | Required | Description |
---|---|---|
ownerType | Yes | The scope of the policy waiver request. Possible values are application, organization, repository, repository_manager or repository_container. |
ownerId | Yes | The identifier for the ownerType provided above. |
policyWaiverRequestId | Yes | The id of the policy waiver request to be approved or rejected. |
The details for the policy waiver request that is being approved or rejected can be included in the JSON payload as below:
Payload:
Property | Default Value | Description |
---|---|---|
status | | Possible values are APPROVED or REJECTED |
rejectionReason | null | Reason for rejection when status is REJECTED |
matcherStrategy | | Enumeration field. Possible values are EXACT_COMPONENT, ALL_COMPONENTS, ALL_VERSIONS in case status is APPROVED |
expiryTime | null | Optional, datetime to indicate expiry time of the waiver. |
expireWhenRemediationAvailable | false | Indicates if the policy waiver (if the policy waiver request is approved) should expire when a remediation is available. |
waiverReasonId | null | The id associated with the waiver reason. Use the Waiver Reason REST API for available waiver reasons and the corresponding ids. |
comment | null | Optional, describes the waiver request. |
Example:
curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"status": "APPROVED", "matcherStrategy": "EXACT_COMPONENT", "expiryTime": "2025-12-26T00:00:00.000+0000", "expireWhenRemediationAvailable": false, "waiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "comment": "Optional comments explaining why the policy violation is waived."}' http://localhost:8070/api/v2/policyWaiverRequests/application/68cc2742858f4bf7888bc34f9e95ad3d/review/3058258b647e45c8ad25b6b150297cca
Response:
Note that the status field is APPROVED for this waiver request.
{ "policyName": "Security-High", "scopeOwnerType": "application", "scopeOwnerName": "Test App", "noteToReviewer": "Optional notes giving more details to the reviewer.", "componentIdentifier": { "coordinates": { "version": "1.0.0", "name": "croupier" }, "format": "pub" }, "scopeOwnerId": "68cc2742858f4bf7888bc34f9e95ad3d", "status": "APPROVED", "policyId": "42cd0281505a4271a3cd46836e267665", "requesterName": "Admin BuiltIn", "policyWaiverRequestId": "3058258b647e45c8ad25b6b150297cca", "policyWaiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "vulnerabilityId": "CVE-2022-23540", "reviewerName": "Admin BuiltIn", "associatedPackageUrl": "pkg:pub/croupier@1.0.0", "constraintFactsJson": "[{\"constraintId\":\"7f1d44a9e880487ab6a818be8c5962a4\",\"constraintName\":\"High risk CVSS score\",\"operatorName\":\"AND\",\"conditionFacts\":[{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":0,\"summary\":\"Security Vulnerability Severity >= 7\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":0,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"},{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":1,\"summary\":\"Security Vulnerability Severity < 9\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":1,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"}]}]", "reviewerId": "admin", "constraintFacts": [ { "conditionFacts": [ { "triggerJson": "{\"conditionIndex\":0,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)", "summary": "Security Vulnerability Severity >= 7", "conditionIndex": 0, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } },{ "triggerJson": "{\"conditionIndex\":1,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)", "summary": "Security Vulnerability Severity < 9", "conditionIndex": 1, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } }], "operatorName": "AND", "constraintId": "7f1d44a9e880487ab6a818be8c5962a4", "constraintName": "High risk CVSS score" }], "comment": "Optional comments explaining why the policy violation is waived.", "displayName": { "parts": [ { "value": "croupier", "field": "Name" },{ "value": " : " },{ "value": "1.0.0", "field": "Version" }], "name": "croupier" }, "hash": "794b85b341e1fa0a149a", "matcherStrategy": "EXACT_COMPONENT", "policyViolationId": "a0d65d48322c4056b1bd3d79ba7e696b", "reasonText": "Acknowledged violation", "expiryTime": "2025-12-26T00:00:00.000+0000", "requesterId": "admin", "requestTime": "2025-05-30T15:00:51.438+0000", "expireWhenRemediationAvailable": false }
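A reviewer-side pre-check for the review call above, as an added example that is not part of the original documentation or the product's own code: it decodes the string-embedded triggerJson to recover the severity, lists reasons not to approve the request as submitted, and drafts the review payload. The 90-day and severity 7.0 thresholds, the rejection rules and all function names are assumptions standing in for local policy, and the sample request is constructed from field names shown on this page.

```python
import json
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # matches "2025-12-26T00:00:00.000+0000"

# Constructed sample: a trimmed waiver request using field names from the GET response.
TRIGGER_JSON = '{"conditionIndex":0,"trigger":{"refId":"CVE-2022-23540","severity":7.6}}'
SAMPLE_REQUEST = {
    "status": "REQUESTED",
    "matcherStrategy": "ALL_COMPONENTS",
    "expiryTime": "2025-12-26T00:00:00.000+0000",
    "expireWhenRemediationAvailable": False,
    "policyWaiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6",
    "comment": "",
    "constraintFacts": [{"conditionFacts": [{"triggerJson": TRIGGER_JSON}]}],
}


def max_severity(req):
    """Highest severity found in triggerJson, which is JSON embedded as a string."""
    scores = []
    for constraint in req.get("constraintFacts") or []:
        for fact in constraint.get("conditionFacts") or []:
            trigger = json.loads(fact.get("triggerJson") or "{}").get("trigger") or {}
            if isinstance(trigger.get("severity"), (int, float)):
                scores.append(float(trigger["severity"]))
    return max(scores) if scores else None


def review_findings(req, now, max_days=90, strict_severity=7.0):
    """Reasons not to approve as requested. Thresholds are hypothetical local policy."""
    findings = []
    if req.get("status") != "REQUESTED":
        findings.append(f"status is {req.get('status')}, not REQUESTED")
    severity = max_severity(req)
    if req.get("matcherStrategy") != "EXACT_COMPONENT" and (severity or 0) >= strict_severity:
        findings.append(f"{req.get('matcherStrategy')} scope for severity {severity}")
    if req.get("expiryTime") is None:
        findings.append("no expiryTime set")
    elif (datetime.strptime(req["expiryTime"], TS_FORMAT) - now).days > max_days:
        findings.append(f"expiryTime is more than {max_days} days away")
    if not req.get("expireWhenRemediationAvailable"):
        findings.append("expireWhenRemediationAvailable is false")
    if not (req.get("comment") or "").strip():
        findings.append("no justification in comment")
    return findings


def build_review_payload(req, now):
    """JSON body for the review endpoint: REJECTED with reasons, or APPROVED as requested."""
    findings = review_findings(req, now)
    if findings:
        return {"status": "REJECTED", "rejectionReason": "; ".join(findings)}
    return {"status": "APPROVED", "matcherStrategy": req["matcherStrategy"],
            "expiryTime": req["expiryTime"], "expireWhenRemediationAvailable": True,
            "waiverReasonId": req["policyWaiverReasonId"], "comment": req["comment"]}


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    print(json.dumps(build_review_payload(SAMPLE_REQUEST, now), indent=2))
```

The returned dictionary is the JSON body for the review POST; the request itself would come from the GET method described earlier.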
PUT to Update a Waiver Request
PUT api/v2/policyWaiverRequests/{ownerType: application|organization|repository|repository_manager|repository_container}/{ownerId}/{policyWaiverRequestId}
Use this method to update an existing waiver request by specifying the waiver request id.
Input Parameters | Required | Description |
---|---|---|
ownerType | Yes | The scope of the policy waiver request. Possible values are application, organization, repository, repository_manager, repository_container. |
ownerId | Yes | The id for the ownerType provided above. |
policyWaiverRequestId | Yes | The id of the policy waiver request to be updated. |
The details to be updated for the policy waiver request can be included in the JSON payload.
See description for the JSON payload.
Payload Example:
{ "matcherStrategy": "EXACT_COMPONENT", "expiryTime": "2025-12-26T00:00:00.000+0000", "expireWhenRemediationAvailable": false, "waiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "comment": "Optional comments explaining why the policy violation is waived.", "noteToReviewer": "Optional notes giving more details to the reviewer." }
Example:
curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '{"matcherStrategy": "EXACT_COMPONENT", "expiryTime": "2025-12-26T00:00:00.000+0000", "expireWhenRemediationAvailable": false, "waiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "comment": "Optional comments explaining why the policy violation is waived.", "noteToReviewer": "Optional notes giving more details to the reviewer."}' http://localhost:8070/api/v2/policyWaiverRequests/application/68cc2742858f4bf7888bc34f9e95ad3d/3058258b647e45c8ad25b6b150297cca
Response:
{ "policyName": "Security-High", "scopeOwnerType": "application", "scopeOwnerName": "Test App", "noteToReviewer": "Optional notes giving more details to the reviewer.", "componentIdentifier": { "coordinates": { "version": "1.0.0", "name": "croupier" }, "format": "pub" }, "scopeOwnerId": "68cc2742858f4bf7888bc34f9e95ad3d", "status": "REQUESTED", "policyId": "42cd0281505a4271a3cd46836e267665", "requesterName": "Admin BuiltIn", "policyWaiverRequestId": "3058258b647e45c8ad25b6b150297cca", "policyWaiverReasonId": "9b704ef5bc064fc29d7fe08a251ee9a6", "vulnerabilityId": "CVE-2022-23540", "associatedPackageUrl": "pkg:pub/croupier@1.0.0", "constraintFactsJson": "[{\"constraintId\":\"7f1d44a9e880487ab6a818be8c5962a4\",\"constraintName\":\"High risk CVSS score\",\"operatorName\":\"AND\",\"conditionFacts\":[{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":0,\"summary\":\"Security Vulnerability Severity >= 7\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":0,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"},{\"conditionTypeId\":\"SecurityVulnerabilitySeverity\",\"conditionIndex\":1,\"summary\":\"Security Vulnerability Severity < 9\",\"reason\":\"Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)\",\"reference\":{\"value\":\"CVE-2022-23540\",\"type\":\"SECURITY_VULNERABILITY_REFID\"},\"triggerJson\":\"{\\\"conditionIndex\\\":1,\\\"trigger\\\":{\\\"refId\\\":\\\"CVE-2022-23540\\\",\\\"severity\\\":7.6}}\"}]}]", "constraintFacts": [ { "conditionFacts": [ { "triggerJson": "{\"conditionIndex\":0,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity >= 7 (severity = 7.6)", "summary": "Security Vulnerability Severity >= 7", "conditionIndex": 0, 
"conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } },{ "triggerJson": "{\"conditionIndex\":1,\"trigger\":{\"refId\":\"CVE-2022-23540\",\"severity\":7.6}}", "reason": "Found security vulnerability CVE-2022-23540 with severity < 9 (severity = 7.6)", "summary": "Security Vulnerability Severity < 9", "conditionIndex": 1, "conditionTypeId": "SecurityVulnerabilitySeverity", "reference": { "value": "CVE-2022-23540", "type": "SECURITY_VULNERABILITY_REFID" } }], "operatorName": "AND", "constraintId": "7f1d44a9e880487ab6a818be8c5962a4", "constraintName": "High risk CVSS score" }], "comment": "Optional comments explaining why the policy violation is waived.", "displayName": { "parts": [ { "value": "croupier", "field": "Name" },{ "value": " : " },{ "value": "1.0.0", "field": "Version" }], "name": "croupier" }, "hash": "794b85b341e1fa0a149a", "matcherStrategy": "EXACT_COMPONENT", "policyViolationId": "a0d65d48322c4056b1bd3d79ba7e696b", "reasonText": "Acknowledged violation", "expiryTime": "2025-12-26T00:00:00.000+0000", "requesterId": "admin", "requestTime": "2025-05-30T15:00:51.438+0000", "expireWhenRemediationAvailable": false }