
Assign app scan policy plugins

PUT /api/v1/app/{appId}/policy/assign

Assign Scan policy

This endpoint is used to assign scan policy plugins to the scan policy of this application.

The scan policy determines the set of vulnerability checks, known as 'plugins', and the technology flags that configure StackHawk security tests. Scan policies can be either predefined StackHawk Policies, identified by name, or customized Application Policies specific to an applicationId.

Usage:

  • Utilize the All StackHawk Scan Policies endpoint to retrieve the names of accepted StackHawk scan policies.
  • Plugins within the scan policy dictate the vulnerability checks conducted in StackHawk security tests.
  • Technology flags within the scan policy further refine the behavior of these vulnerability checks in relation to applicable technologies.

Scan Policy Types:

  • StackHawk Policies: Identified by name, these predefined policies provide a standard set of plugins and tech flag configurations.
  • Application Policies: Tailored per applicationId, allowing for customized application-specific plugin and tech flag configurations.

Audited: this call is recorded as an APPLICATION_POLICY_MODIFIED User Activity.

Requires write:policy permission.

Path parameters

appId string · uuid required

UUID identifier for this StackHawk Application.

Query parameters

policyName string

A named StackHawk scan policy, or the DEFAULT policy if not provided.

default: "DEFAULT"

Response

OK

scanPolicy
scanpolicy.ScanPolicy
scanPolicy.applicationId
string read-only

The UUID identifier of the application this scan policy belongs to. If no application ID is present, the scan policy is a predefined StackHawk policy. If an application ID is present, the scan policy is customized for that application only.

scanPolicy.description
string

The description for this policy.

scanPolicy.displayName
string

The human readable display name for this policy.

scanPolicy.id
string read-only

The UUID identifier of this scan policy.

scanPolicy.isCustomized
boolean

Indicates whether the plugins have been changed from those of the original scan policy.

scanPolicy.name
string

The referenceable unique name of a StackHawk scan policy.

scanPolicy.plugins
scanpolicy.Plugin[]

List of the plugins defined for this policy.

scanPolicy.plugins.defaultRisk
enum<string> read-only

Default risk for this plugin. Currently unused.

5 available options: UNKNOWN, INFO, LOW, MEDIUM, HIGH
scanPolicy.plugins.enabled
boolean

Enables the plugin. Plugins will only run in a scan when marked as enabled.

scanPolicy.plugins.name
string

The Plugin name.

scanPolicy.plugins.pluginId
string

The UUID identifier of this plugin.

scanPolicy.plugins.pluginType
enum<string>

The type of plugin to run as. Either ACTIVE or PASSIVE.

2 available options: ACTIVE, PASSIVE
scanPolicy.plugins.status
enum<string> read-only

The release quality of this plugin.

3 available options: ADDON_STATUS_ALPHA, ADDON_STATUS_BETA, ADDON_STATUS_RELEASE
scanPolicy.plugins.strength
enum<string> write-only

The strength of this plugin. Currently unused.

5 available options: STRENGTH_LOW, STRENGTH_MEDIUM, STRENGTH_HIGH, STRENGTH_INSANE, STRENGTH_OFF
scanPolicy.plugins.threshold
enum<string> write-only

The threshold of this plugin. Currently unused.

4 available options: THRESHOLD_LOW, THRESHOLD_MEDIUM, THRESHOLD_HIGH, THRESHOLD_OFF
scanPolicy.techFlags
object read-only

Technology flags for this policy. This is a collection of specific technology identifiers that further configure scan behavior.
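
As an added example (not code from this page or from StackHawk), here is the request this endpoint takes and a review of the scanPolicy it returns, which flags enabled plugins that are still alpha/beta and values outside the documented enums; the base URL and the Bearer header are assumed placeholders.

```python
from urllib.parse import quote

# Enum values as listed in the scanpolicy.Plugin schema on this page.
PLUGIN_TYPES = {"ACTIVE", "PASSIVE"}
PLUGIN_STATUS = {"ADDON_STATUS_ALPHA", "ADDON_STATUS_BETA", "ADDON_STATUS_RELEASE"}
DEFAULT_RISKS = {"UNKNOWN", "INFO", "LOW", "MEDIUM", "HIGH"}

def assign_policy_request(app_id: str, policy_name: str = "DEFAULT",
                          base_url: str = "https://<STACKHAWK_API_HOST>") -> dict:
    """Describe the PUT for this endpoint. base_url and the Bearer header are
    labelled placeholders (assumptions), not values documented on this page."""
    return {
        "method": "PUT",
        "url": f"{base_url}/api/v1/app/{quote(app_id, safe='')}/policy/assign",
        "params": {"policyName": policy_name},  # omitted -> DEFAULT policy
        "headers": {"Authorization": "Bearer <API_TOKEN_PLACEHOLDER>"},
    }

def review_scan_policy(response: dict) -> dict:
    """Validate the returned scanPolicy against the enums above and report what
    the assigned policy will actually run (only enabled plugins execute)."""
    policy = response["scanPolicy"]
    problems, prerelease, enabled = [], [], {"ACTIVE": 0, "PASSIVE": 0}
    for p in policy.get("plugins", []):
        name = p.get("name", "<unnamed>")
        for field, allowed in (("pluginType", PLUGIN_TYPES), ("status", PLUGIN_STATUS),
                               ("defaultRisk", DEFAULT_RISKS)):
            if p.get(field) not in allowed:
                problems.append(f"{name}: unexpected {field}={p.get(field)!r}")
        if not p.get("enabled") or p.get("pluginType") not in PLUGIN_TYPES:
            continue
        enabled[p["pluginType"]] += 1
        if p.get("status") != "ADDON_STATUS_RELEASE":  # alpha/beta checks still run
            prerelease.append(name)
    return {"name": policy.get("name"), "customized": bool(policy.get("isCustomized")),
            "enabled": enabled, "prerelease_enabled": prerelease, "problems": problems}

# Constructed sample in the shape of this page's response schema (not real API output).
SAMPLE_RESPONSE = {"scanPolicy": {
    "name": "DEFAULT", "displayName": "Default", "isCustomized": False, "techFlags": {},
    "plugins": [
        {"name": "sqli", "pluginId": "p-1", "pluginType": "ACTIVE", "enabled": True,
         "status": "ADDON_STATUS_RELEASE", "defaultRisk": "HIGH"},
        {"name": "hdr-check", "pluginId": "p-2", "pluginType": "PASSIVE", "enabled": True,
         "status": "ADDON_STATUS_BETA", "defaultRisk": "LOW"},
        {"name": "xss-probe", "pluginId": "p-3", "pluginType": "ACTIVE", "enabled": False,
         "status": "ADDON_STATUS_ALPHA", "defaultRisk": "MEDIUM"},
        {"name": "broken", "pluginId": "p-4", "pluginType": "ACTVE", "enabled": True,
         "status": "ADDON_STATUS_RELEASE", "defaultRisk": "INFO"},
    ]}}
```

Running review_scan_policy over the real response after the PUT tells you which checks the assigned policy will actually execute and whether any pre-release plugin is switched on.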

Bad Request

Unauthorized
