Policy Waiver REST API - v2

Policy Waivers

Getting Policy Waivers

NEW IN RELEASE 92

Policy waivers for an application can be retrieved by sending a GET request to

GET /api/v2/policyWaivers/application/{applicationId}

As an example, to get policy waivers for the application with id 787c2e3dc8e745c48743926251eef00b using cURL the command would be as follows:

curl -u admin:admin123 http://localhost:8070/api/v2/policyWaivers/application/787c2e3dc8e745c48743926251eef00b

The server returns the list of policy waivers related to the application. A sample response would be as follows:

[
  {
    "policyWaiverId": "4dc85bcf566f4a9b83550267d9e80074",
    "comment": "Lorem ipsum.",
    "createTime": "2020-05-20T14:47:56.137+0000",
    "scopeOwnerType": "application",
    "scopeOwnerId": "787c2e3dc8e745c48743926251eef00b",
    "scopeOwnerName": "My-Application",
    "hash": "81e4d9cc2e8fac88ab4e",
    "policyId": "b7863359e04e443e803caf0389e779b1"
  },
  {
    "policyWaiverId": "079dc8bdae7348e48a1b0939715d5e47",
    "comment": "1234",
    "createTime": "2020-05-20T14:47:39.511+0000",
    "scopeOwnerType": "application",
    "scopeOwnerId": "787c2e3dc8e745c48743926251eef00b",
    "scopeOwnerName": "My-Application",
    "hash": "52ee272b0181a1c0df5c",
    "policyId": "b7863359e04e443e803caf0389e779b1"
  }
]

Policy waivers for an organization or a repository can be retrieved by replacing the  application  in the path mentioned above either by an  organization repository  or  repository_container  and using the  id  of the relevant owner as follows.

GET /api/v2/policyWaivers/organization/{organizationId}
GET /api/v2/policyWaivers/repository/{repositoryId}
GET /api/v2/policyWaivers/repository_container/REPOSITORY_CONTAINER_ID

Deleting a Policy Waiver

NEW IN RELEASE 90

A policy waiver for an application can be deleted by sending a DELETE request to

DELETE /api/v2/policyWaivers/application/{applicationId}/{policyWaiverId}

As an example, in order to delete a policy waiver with id d248b438595740119043dd49a1a146da using cURL for the application with id 787c2e3dc8e745c48743926251eef00b the command would be as follows:

curl -u admin:admin123 -X DELETE http://localhost:8070/api/v2/policyWaivers/application/787c2e3dc8e745c48743926251eef00b/d248b438595740119043dd49a1a146da

The server returns no content in case of success.

A policy waiver can be deleted for an organization or a repository by replacing the 
application  in the path mentioned above either by an  organization repository  or  repository_container  and using the  id  of the relevant owner as follows.

DELETE /api/v2/policyWaivers/organization/{organizationId}/{policyWaiverId}
DELETE /api/v2/policyWaivers/repository/{repositoryId}/{policyWaiverId}
DELETE /api/v2/policyWaivers/repository_container/REPOSITORY_CONTAINER_ID/{policyWaiverId}

Policy Violation Waivers

NEW IN RELEASE 71

The Policy Violation Waiver API is used to create waivers for specific policy violations.  The intended use is for workflows that require separate review and approval for waiving violations, which uses the Policy Violation ID. The Policy Violation ID, along with the scope of application or organization, is required for the API call. A comment is optional when adding the waiver. The Policy Violation ID can be obtained by Requesting a Waiver to be AddedPolicy Violation REST API, or Report Related REST API.

To create a waiver the policy violation ID must be known in advance:

POST /api/v2/policyWaiver/{policyViolationId}/{application|organization}

A sample request to create an application waiver with a comment is done with the following command (comment is optional):

curl -u user:password -H "Content-Type: text/plain; charset=UTF-8" -X POST http://localhost:8070/api/v2/policyWaiver/14f3e0fbc3884c21ac19bce74d7107c1/application --data-binary "waiver comment (optional)"

The server will respond with a 204 status upon success.  There is no content in the response.