Security Policies
Configure security policies for your assets. Policies define when CI scans should fail and which rules to ignore.
What are Security Policies?
Security policies define the rules for when CI scans should fail. You can set severity thresholds, ignore specific rules, and configure CORS origins. Policies are enforced during CI/CD pipeline runs.
Asset Policies
Configure policies for each asset
How Policies Work
1. Configure Policy
Set severity thresholds and rules for each asset. Define when CI scans should fail.
2. CI Enforcement
During CI scans, CyRook checks findings against your configured policies.
3. Gate Deployment
If findings violate policy rules, the CI pipeline fails and deployment is blocked.
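The three steps above, sketched as a gate a CI job could run. This is an added example, not CyRook's own code: the policy keys (`fail_on_severity`, `ignored_rules`), the finding fields (`rule_id`, `severity`), the severity scale and the rule IDs are all assumptions made for illustration. The CORS origins setting is not modeled.

```python
import sys

# Assumed severity scale, lowest to highest (not taken from CyRook).
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]


def evaluate_gate(policy, findings):
    """Return (passed, violations) for one asset's scan findings."""
    threshold = str(policy["fail_on_severity"]).lower()
    if threshold not in SEVERITY_ORDER:
        # A mistyped threshold must not silently disable the gate.
        raise ValueError(f"unknown severity threshold: {threshold!r}")
    min_rank = SEVERITY_ORDER.index(threshold)
    ignored = set(policy.get("ignored_rules", []))

    violations = []
    for finding in findings:
        if finding["rule_id"] in ignored:
            continue  # rule explicitly ignored by the asset's policy
        severity = str(finding.get("severity", "")).lower()
        # Fail closed: a missing or unrecognized severity ranks as critical.
        if severity in SEVERITY_ORDER:
            rank = SEVERITY_ORDER.index(severity)
        else:
            rank = len(SEVERITY_ORDER) - 1
        if rank >= min_rank:
            violations.append(finding)
    return (not violations, violations)


# Constructed sample policy and findings (hypothetical rule IDs).
POLICY = {"fail_on_severity": "high", "ignored_rules": ["RULE-0001"]}
FINDINGS = [
    {"rule_id": "RULE-0001", "severity": "critical"},  # ignored by policy
    {"rule_id": "RULE-0002", "severity": "medium"},    # below threshold
    {"rule_id": "RULE-0003", "severity": "High"},      # violates policy
    {"rule_id": "RULE-0004", "severity": "unrated"},   # unknown: fails closed
]


def main():
    passed, violations = evaluate_gate(POLICY, FINDINGS)
    for v in violations:
        print(f"policy violation: {v['rule_id']} ({v['severity']})")
    # A non-zero exit status fails the CI job, which blocks deployment.
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

Note that an ignored rule suppresses even a critical finding, so the ignore list deserves the same review as the threshold itself.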