Create a Centralized Policy

Creates a new policy.

POST/csapi/v1.3/centralizedPolicy

Input Parameters

Parameter             Mandatory/Optional        Data Type  Description
k8sFilters            Mandatory                 array      Specify cluster and namespace details. Not required when
                                                           creating an Organization level policy (k8sFilters: null).
  cluster             Mandatory                 object     Applicable for Cluster level policy. Provides cluster details.
    clusterUid        Mandatory                 string     Specify the UID of the cluster.
                                                           For example: a455f902-7e5a-6ccb-447cb0b18fa5ec94
    clusterName       Mandatory                 string     Specify the name of the cluster.
  namespace           Mandatory                 object     Applicable for Namespace level policy. Provides details of
                                                           the namespace.
    namespaceUuid     Mandatory                 string     Specify the UUID of the namespace.
    namespaceValue    Mandatory                 string     Specify the value (name) of the namespace.
                                                           For example: acmecorp_qa
    clusterUid        Mandatory                 string     Applicable for Namespace level policy. Specify the UID of
                                                           the cluster the namespace belongs to.
policyName            Mandatory                 string     Enter a policy name of up to 150 characters.
description           Mandatory                 string     Enter a description for the policy of up to 250 characters.
policyType            Mandatory                 string     Specify the policy type.
                                                           Valid values: CICD or K8S_Admission_Controller (the sample
                                                           request below sends it as K8S_ADMISSION_CONTROLLER).
policyMode            Mandatory                 string     Specify the policy mode: active to enforce the policy, or
                                                           inactive to keep the policy deactivated (the sample below
                                                           sends ACTIVE).
assetType             Mandatory                 string     Specify the asset type. Currently, only "CICD" is supported.
isDefault             Mandatory                 boolean    Specify whether to make this the default policy. The valid
                                                           values are true or false (sent as a JSON boolean in the
                                                           sample below).
centralizedPolicyRules  Mandatory (at least one   array      Provide the rules that are evaluated as part of the policy.
                      enabled rule is required)

Provide rules as part of the policy evaluation.

[
    {
        "name": "Rule123",
        "type": "IMAGESCAN_VULN_SEVERITYCOUNT",
        "action": "DENY",
        "isEnabled": true,
        "stopProcessing": false,
        "sortOrder": 0,
        "metaData": {
            "operator": "GREATER_THAN",
            "severityLevel": 1,
            "threshold": 1
        }
    }
]

This rule reads: if the count of vulnerabilities with severity level 1 is greater than 1, deny the request, that is, fail the CICD build.

Where,

  • name: Specify the name of the rule.
  • type: Specify the type of the rule. Currently, rules can only be based on the count of vulnerabilities of a given severity, so the only valid value is "IMAGESCAN_VULN_SEVERITYCOUNT".
  • action: Specify ALLOW or DENY to pass or fail the CICD pipeline build when the rule matches.
  • isEnabled: Specify whether to enforce the rule (true) or keep it deactivated (false). A disabled rule stays on the policy but is not evaluated.
  • operator: Specify the comparison applied between the vulnerability count and the threshold. The valid values are GREATER_THAN and GREATER_THAN_EQUAL_TO.
  • threshold: Specify the count that the number of vulnerabilities is compared against. For a DENY rule with GREATER_THAN, this is the maximum number of vulnerabilities allowed; with GREATER_THAN_EQUAL_TO the rule already matches at exactly this count.
  • severityLevel: Specify the severity level of the vulnerabilities to count.
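The following is an added illustration, not Qualys code, of how a rule such as Rule123 above reads: it evaluates a list of centralizedPolicyRules entries against an image's per-severity vulnerability counts and returns the resulting ALLOW/DENY decision. The operator, threshold and severityLevel semantics follow the text; the interpretation of stopProcessing (stop after this rule matches), evaluation in sortOrder, and the default decision when no rule matches (ALLOW) are assumptions, and the scan summaries are constructed.

```python
"""Evaluate centralizedPolicyRules locally against an image's per-severity counts.

Added illustration, not Qualys code. Operator/threshold/severityLevel semantics
follow the page; stopProcessing (stop after a match), sortOrder ordering and the
default decision when nothing matches (ALLOW) are assumptions.
"""
import operator

OPERATORS = {
    "GREATER_THAN": operator.gt,
    "GREATER_THAN_EQUAL_TO": operator.ge,
}

# The rule from the text: severity-1 count greater than 1 denies the build.
RULE123 = [{
    "name": "Rule123",
    "type": "IMAGESCAN_VULN_SEVERITYCOUNT",
    "action": "DENY",
    "isEnabled": True,
    "stopProcessing": False,
    "sortOrder": 0,
    "metaData": {"operator": "GREATER_THAN", "severityLevel": 1, "threshold": 1},
}]

# Constructed scan summaries: severityLevel -> number of vulnerabilities found.
NOISY_IMAGE = {1: 3, 2: 12, 3: 40}
CLEAN_IMAGE = {1: 1, 2: 0}


def evaluate_rules(rules, severity_counts):
    """Return (decision, rule name) for an image; decision is "ALLOW" or "DENY"."""
    decision, decided_by = "ALLOW", None  # assumption: nothing matched => allow
    for rule in sorted(rules, key=lambda r: r.get("sortOrder", 0)):
        if not rule.get("isEnabled", False):
            continue  # disabled rules stay on the policy but are not enforced
        if rule["type"] != "IMAGESCAN_VULN_SEVERITYCOUNT":
            raise ValueError(f"unsupported rule type {rule['type']!r}")
        meta = rule["metaData"]
        if meta["operator"] not in OPERATORS:
            raise ValueError(f"unsupported operator {meta['operator']!r}")
        count = severity_counts.get(meta["severityLevel"], 0)
        if OPERATORS[meta["operator"]](count, meta["threshold"]):
            decision, decided_by = rule["action"], rule["name"]
            if rule.get("stopProcessing", False):
                break  # assumption: later rules are not consulted after this match
    return decision, decided_by


if __name__ == "__main__":
    for label, counts in (("noisy", NOISY_IMAGE), ("clean", CLEAN_IMAGE)):
        print(label, evaluate_rules(RULE123, counts))
```

Note the difference between the two operators at the boundary: with threshold 1, GREATER_THAN lets an image with exactly one severity-1 finding through, while GREATER_THAN_EQUAL_TO denies it.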

Sample: Create a New Policy

API Request

curl -X "POST" \
  "<qualys_base_url>/csapi/v1.3/centralizedPolicy" \
  -H "accept: application/json" \
  -H "Authorization: Bearer <Token>" \
  -H "Content-Type: application/json" \
  -d '<request body>'

Request Body for creating a cluster level policy (the quoted -d payload above)

'{
  "policyName": "k8sACP",
  "description": "Create a policy through API",
  "policyType": "K8S_ADMISSION_CONTROLLER",
  "centralizedPolicyRules": [
    {
      "name": "rule23",
      "type": "IMAGESCAN_VULN_SEVERITYCOUNT",
      "action": "ALLOW",
      "isEnabled": true,
      "stopProcessing": true,
      "sortOrder": 0,
      "metaData": {
        "operator": "GREATER_THAN",
        "threshold": 1,
        "severityLevel": 2
      }
    }
  ],
  "policyMode": "ACTIVE",
  "isDefault": false,
  "tagIds": [],
  "k8sFilters": [
    {
      "cluster": {
        "clusterUid": "a455f902-9c93-450e-901c-b0b18fa5ec94",
        "clusterName": "kubernetes-admin@kubernetes"
      },
      "namespace": null
    }
  ]
}'

Response

{
    "uuid": "d967073a-28d8-414d-b96d-3d19eaa20935"
}
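The script below is an added example, not Qualys code, that builds the cluster-level request body shown above from small helpers, checks it against the limits the parameter table documents (150/250 character limits, at least one enabled rule, valid operators and actions) before anything is sent, and posts it with the bearer token. Field names and the k8sFilters shape come from this page; the QUALYS_BASE_URL and QUALYS_TOKEN environment variables and the injectable send callable are conventions of this script only. Note that the page's sample rule is an ALLOW when the severity-2 count exceeds 1, which is permissive; a gating rule would normally use DENY.

```python
"""Build, validate and submit a centralized policy (POST /csapi/v1.3/centralizedPolicy).

Added example, not Qualys code. Field names, the 150/250 character limits, the
"at least one enabled rule" requirement and the k8sFilters shape come from the page;
QUALYS_BASE_URL / QUALYS_TOKEN and the injectable `send` callable are this script's own.
"""
import json
import os
import urllib.request

RULE_TYPE = "IMAGESCAN_VULN_SEVERITYCOUNT"
OPERATORS = {"GREATER_THAN", "GREATER_THAN_EQUAL_TO"}
ACTIONS = {"ALLOW", "DENY"}


def severity_count_rule(name, action, severity_level, threshold,
                        operator="GREATER_THAN", sort_order=0,
                        stop_processing=False, enabled=True):
    """One centralizedPolicyRules entry in the shape the API documents."""
    return {
        "name": name,
        "type": RULE_TYPE,
        "action": action,
        "isEnabled": enabled,
        "stopProcessing": stop_processing,
        "sortOrder": sort_order,
        "metaData": {"operator": operator,
                     "severityLevel": severity_level,
                     "threshold": threshold},
    }


def cluster_filter(cluster_uid, cluster_name):
    """k8sFilters entry for a cluster-level policy (namespace is null, as in the sample)."""
    return {"cluster": {"clusterUid": cluster_uid, "clusterName": cluster_name},
            "namespace": None}


def validate_policy(policy):
    """Raise ValueError for payloads the documented limits say the API will not accept."""
    if not 0 < len(policy["policyName"]) <= 150:
        raise ValueError("policyName must be 1-150 characters")
    if len(policy["description"]) > 250:
        raise ValueError("description must be at most 250 characters")
    rules = policy["centralizedPolicyRules"]
    if not any(r["isEnabled"] for r in rules):
        raise ValueError("at least one enabled rule is required")
    for r in rules:
        if r["type"] != RULE_TYPE or r["action"] not in ACTIONS:
            raise ValueError(f"rule {r['name']!r}: unsupported type or action")
        meta = r["metaData"]
        if meta["operator"] not in OPERATORS or meta["threshold"] < 0:
            raise ValueError(f"rule {r['name']!r}: bad operator or threshold")
    return policy


def build_policy(policy_name, description, rules, k8s_filters=None,
                 policy_type="K8S_ADMISSION_CONTROLLER", policy_mode="ACTIVE",
                 is_default=False, tag_ids=()):
    """Assemble the request body; k8s_filters=None gives an organization-level policy."""
    return validate_policy({
        "policyName": policy_name,
        "description": description,
        "policyType": policy_type,
        "centralizedPolicyRules": list(rules),
        "policyMode": policy_mode,
        "isDefault": is_default,
        "tagIds": list(tag_ids),
        "k8sFilters": k8s_filters,
    })


def build_request(policy, base_url, token):
    """POST request carrying the bearer token; the body is the JSON policy."""
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/csapi/v1.3/centralizedPolicy",
        data=json.dumps(policy).encode(),
        headers={"accept": "application/json",
                 "Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST")


def create_policy(policy, base_url, token, send=None):
    """Submit the policy and return the uuid from the response.

    `send(request) -> bytes` defaults to urllib; pass a stub to exercise this offline.
    """
    def http_send(req):
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.read()
    raw = (send or http_send)(build_request(policy, base_url, token))
    return json.loads(raw)["uuid"]


# The cluster-level sample from this page, rebuilt with the helpers above.
SAMPLE_POLICY = build_policy(
    "k8sACP", "Create a policy through API",
    [severity_count_rule("rule23", "ALLOW", severity_level=2, threshold=1,
                         stop_processing=True)],
    k8s_filters=[cluster_filter("a455f902-9c93-450e-901c-b0b18fa5ec94",
                                "kubernetes-admin@kubernetes")])

if __name__ == "__main__":
    print(json.dumps(SAMPLE_POLICY, indent=2))
    base_url, token = os.environ.get("QUALYS_BASE_URL"), os.environ.get("QUALYS_TOKEN")
    if base_url and token:
        print("created policy", create_policy(SAMPLE_POLICY, base_url, token))
```

Run without the environment variables to print the validated payload only; with QUALYS_BASE_URL and QUALYS_TOKEN set it performs the POST and prints the uuid from the response. Keeping the token in the environment rather than on the command line keeps it out of shell history and process listings.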