Creating Xray Policies and Rules


Policies specify security and license compliance behavior. A policy is a set of rules, in which each rule defines a license or security criterion together with a corresponding set of automatic actions, according to your needs. Policies are enforced when they are applied to Watches. A policy is contextless: it defines only what to enforce, not what to enforce it on.

Separating the behavior you want to enforce from the context you want to enforce it on provides the following benefits:

  • Efficiency. Reduce work and save time by configuring your policies once and assigning them to multiple watches.

  • Flexibility. Configure multiple behaviors with additional functionality, such as the priority of your security rules.

  • Separate Concerns. Delegate permissions to different teams in your organization. Everything related to resources and filters is in the watch, and everything related to security and license compliance is in policies.


As of Xray 3.21.2, the Watches configuration has moved from the Application Module to the Administration Module in the JFrog Platform UI.