Policies
Security policies define the rules that Asymptote uses to scan and monitor your code.
List Policies
View all policies configured for your organization:
$ asymptote policy list
Name             Status   Rules   Last Updated
───────────────────────────────────────────────────────────
Default Policy   active   24      2d ago
PCI Compliance   active   42      1w ago
HIPAA Security   active   38      2w ago
Custom Rules     draft    8       3h ago
Apply a Policy
Apply a policy to your current project:
asymptote policy apply <policy-name>
$ asymptote policy apply "PCI Compliance"
✓ Applied policy "PCI Compliance" to project
Active rules:
- no-hardcoded-secrets
- no-sql-injection
- secure-random
- ... and 39 more
Flag        Type   Description
--dry-run   bool   Show what would change without applying
View Policy Details
See the rules in a specific policy:
asymptote policy show <policy-name>
$ asymptote policy show "Default Policy"
Policy: Default Policy
Status: active
Rules: 24
Rule                   Severity   Category
────────────────────────────────────────────────────
no-hardcoded-secrets   critical   secrets
no-sql-injection       high       injection
no-xss                 high       injection
no-eval                high       code-execution
no-console-log         low        best-practices
...
Create a Policy
Create a new policy from a YAML file:
asymptote policy create --file policy.yml
Example policy.yml:
name: My Custom Policy
rules:
  - id: no-hardcoded-secrets
    severity: critical
    enabled: true
  - id: no-sql-injection
    severity: high
    enabled: true
  - id: no-console-log
    severity: low
    enabled: false
Update a Policy
asymptote policy update <policy-name> --file policy.yml
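An added example, not part of the Asymptote documentation or tooling: a review check to run before an update that compares the current policy.yml with the proposed one and reports every enabled rule that the new file removes, disables or lowers in severity. It assumes the flat layout of the example policy.yml and only the severity levels shown on this page; parse_rules and weakening_changes are hypothetical helper names.

```python
SEVERITY_RANK = {"low": 0, "high": 1, "critical": 2}  # assumption: levels seen on this page; others raise KeyError

def parse_rules(text):
    """Read the flat policy.yml layout shown above (not a general YAML parser).
    Assumption: a rule with no `enabled` field counts as not enabled."""
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        is_item = line.startswith("- ")
        key, sep, value = (line[2:] if is_item else line).partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if sep and is_item and key == "id":
            current = rules.setdefault(value, {"severity": None, "enabled": False})
        elif sep and current is not None and key in ("severity", "enabled"):
            current[key] = (value.lower() == "true") if key == "enabled" else value.lower()
    return rules

def weakening_changes(old_text, new_text):
    """Return (rule_id, reason) per enabled rule the new file removes, disables or downgrades."""
    new, findings = parse_rules(new_text), []
    old_enabled = {k: v for k, v in parse_rules(old_text).items() if v["enabled"]}
    for rule_id, before in old_enabled.items():
        after = new.get(rule_id)
        if after is None:
            findings.append((rule_id, "removed"))
        elif not after["enabled"]:
            findings.append((rule_id, "disabled"))
        elif SEVERITY_RANK[after["severity"]] < SEVERITY_RANK[before["severity"]]:
            findings.append((rule_id, f"severity {before['severity']} -> {after['severity']}"))
    return findings

# Constructed sample input using rule ids and fields from this page.
OLD = """name: My Custom Policy
rules:
  - id: no-hardcoded-secrets
    severity: critical
    enabled: true
  - id: no-sql-injection
    severity: high
    enabled: true
"""
NEW = """name: My Custom Policy
rules:
  - id: no-hardcoded-secrets
    severity: high
    enabled: true
"""

if __name__ == "__main__":
    print(weakening_changes(OLD, NEW))
```

A non-empty result is the signal to hold the update for review; rules that were already disabled in the old file are not reported.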
Delete a Policy
asymptote policy delete <policy-name>
Deleting a policy is permanent. Projects using this policy will fall back to the default policy.