jfrog · EyalDelarea · Jan 6, 2025 · Jan 1, 2025 · Jan 1, 2025 · Jan 1, 2025
diff --git a/tests/xraypolicy_test.go b/tests/xraypolicy_test.go
@@ -30,7 +30,7 @@ func createMinSeverity(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "min-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule)
@@ -78,12 +78,12 @@ func create2Priorities(t *testing.T) {
 
 	policyRule1 := utils.PolicyRule{
 		Name:     "priority-1" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	policyRule2 := utils.PolicyRule{
 		Name:     "priority-2" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 		Priority: 2,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule1, policyRule2)
@@ -95,7 +95,7 @@ func createPolicyActions(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "policy-actions" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.High),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.High, false),
 		Priority: 1,
 		Actions: &utils.PolicyAction{
 			BlockDownload: utils.PolicyBlockDownload{
@@ -118,14 +118,14 @@ func createUpdatePolicy(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "low-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule)
 
 	policyRule = utils.PolicyRule{
 		Name:     "medium-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 		Priority: 1,
 	}
 

diff --git a/tests/xraywatch_test.go b/tests/xraywatch_test.go
@@ -364,7 +364,7 @@ func createDummyPolicy(policyName string) error {
 		Type:        utils.Security,
 		Rules: []utils.PolicyRule{{
 			Name:     "sec_rule",
-			Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+			Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 			Actions: &utils.PolicyAction{
 				Webhooks: []string{},
 				BlockDownload: utils.PolicyBlockDownload{

diff --git a/xray/services/scan.go b/xray/services/scan.go
@@ -320,8 +320,11 @@ type JfrogResearchSeverityReason struct {
 }
 
 type Policy struct {
-	Policy string `json:"policy,omitempty"`
-	Rule   string `json:"rule,omitempty"`
+	Policy            string `json:"policy,omitempty"`
+	Rule              string `json:"rule,omitempty"`
+	IsBlocking        bool   `json:"is_blocking,omitempty"`
+	IgnoreRuleId      string `json:"ignore_rule_id,omitempty"`
+	SkipNotApplicable bool   `json:"is_skip_not_applicable,omitempty"`
 }
 
 func (gp *XrayGraphScanParams) GetProjectKey() string {

diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go
@@ -56,10 +56,11 @@ type PolicyRule struct {
 
 type PolicyCriteria struct {
 	// Security
-	MinSeverity Severity                `json:"min_severity,omitempty"`
-	CvssRange   *PolicyCvssRange        `json:"cvss_range,omitempty"`
-	Exposures   *PolicyExposureCriteria `json:"exposures,omitempty"`
-	Sast        *PolicySastCriteria     `json:"sast,omitempty"`
+	MinSeverity           Severity                `json:"min_severity,omitempty"`
+	CvssRange             *PolicyCvssRange        `json:"cvss_range,omitempty"`
+	Exposures             *PolicyExposureCriteria `json:"exposures,omitempty"`
+	Sast                  *PolicySastCriteria     `json:"sast,omitempty"`
+	SkipNotApplicableCVEs bool                    `json:"applicable_cves_only,omitempty"`
 
 	// License
 	AllowedLicenses        []string `json:"allowed_licenses,omitempty"`
@@ -102,9 +103,10 @@ type PolicyBlockDownload struct {
 }
 
 // Create security policy criteria with min severity
-func CreateSeverityPolicyCriteria(minSeverity Severity) *PolicyCriteria {
+func CreateSeverityPolicyCriteria(minSeverity Severity, skipNotApplicableCves bool) *PolicyCriteria {
 	return &PolicyCriteria{
-		MinSeverity: minSeverity,
+		MinSeverity:           minSeverity,
+		SkipNotApplicableCVEs: skipNotApplicableCves,
 	}
 }