Policy Results

columns array[string] required
Column names (policy pack names) in order
rows array[PolicyComplianceResult] required
List of policy compliance result rows
↳ entityName string required
Entity name (stack name or account name)
↳ scores array[integer] required
Array of compliance scores correlating to columns array. -1 indicates N/A
continuationToken string optional
Continuation token for next page

Errors: 400 Invalid entity parameter. Must be 'stack', 'account', or 'severity' 404 Organization not found

List Policy Issues

▼

POST /api/orgs/{orgName}/policyresults/issues

Returns all policy issues for an organization with support for pagination and advanced filtering via the grid request format. Policy issues represent violations detected by Policy Packs during stack updates or continuous compliance scans. Each issue includes the violating resource, policy details, enforcement level (advisory or mandatory), severity, and triage status.

Request Parameters

orgName string path required
The organization name

Request Body

Schema: AngularGridGetRowsRequest

startRow integer optional
The start row
endRow integer optional
The end row
rowGroupCols array[AngularGridColumn] required
List of row group cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
valueCols array[AngularGridColumn] required
List of value cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
groupKeys array[string] required
List of group keys
filterModel AngularGridAdvancedFilterModel required
The filter model
↳ type string required
The type
↳ conditions array[AngularGridFilterModel] required
List of conditions
sortModel array[AngularGridSortModelItem] required
List of sort model
↳ colId string required
Column Id to apply the sort to.
↳ sort string required
Sort direction

Responses

200 OK

Schema: ListPolicyIssuesResponse

policyIssues array[PolicyIssue] required
The list of policy issues
↳ id string required
The unique identifier of the policy issue.
↳ entityType enum required
The type of entity this issue applies to.
Values: stack, insights-account
↳ entityProject string required
The project name (for stack entities) or parent Insights account name (for resource entities).
↳ entityId string required
The identifier of the entity this issue applies to.
↳ stackVersion integer optional
The stack version where the issue was detected.
↳ resourceVersion integer optional
The resource version where the issue was detected.
↳ policyPack string required
The name of the policy pack that produced this issue.
↳ policyPackTag string required
The tag of the policy pack version that produced this issue.
↳ policyName string required
The name of the policy that was violated.
↳ resourceURN string required
The URN of the resource that violated the policy.
↳ resourceProvider string required
The provider of the resource that violated the policy.
↳ resourceType string required
The type of the resource that violated the policy.
↳ resourceName string required
The name of the resource that violated the policy.
↳ message string optional
A human-readable message describing the policy violation.
↳ observedAt string required
The timestamp when the issue was first observed.
↳ lastModified string optional
The timestamp when the issue was last modified.
↳ level string required
The enforcement level of the policy (e.g. advisory, mandatory, disabled).
↳ severity enum required
The severity of the policy violation.
Values: , low, medium, high, critical
↳ status enum required
The current status of the policy issue.
Values: open, in_progress, by_design, fixed, ignored
↳ kind enum required
The kind of policy issue (audit or preventative).
Values: audit, preventative
↳ priority enum required
The priority level of the policy issue.
Values: p0, p1, p2, p3, p4
↳ assignedTo UserInfo optional
The user the policy issue is assigned to.
↳ policyGroupName string optional
The name of the policy group this issue belongs to.
↳ policyGroupType enum optional
The type of the policy group this issue belongs to.
Values: audit, preventative
groupData array[object] required
Grouped data for policy issue aggregation
rowCount integer optional
The total number of policy issue rows

Errors: 400 Invalid filter parameters 404 Organization not found

Get Policy Issue

▼

GET /api/orgs/{orgName}/policyresults/issues/{issueId}

Returns the details of a specific policy issue, including the violating resource, the policy pack and policy name that flagged the violation, the enforcement level (advisory or mandatory), severity, and the current triage status of the issue.

Request Parameters

orgName string path required
The organization name
issueId string path required
The issue identifier

Responses

200 OK

Schema: GetPolicyIssueResponse

policyIssue PolicyIssue required
The policy issue details
↳ id string required
The unique identifier of the policy issue.
↳ entityType enum required
The type of entity this issue applies to.
Values: stack, insights-account
↳ entityProject string required
The project name (for stack entities) or parent Insights account name (for resource entities).
↳ entityId string required
The identifier of the entity this issue applies to.
↳ stackVersion integer optional
The stack version where the issue was detected.
↳ resourceVersion integer optional
The resource version where the issue was detected.
↳ policyPack string required
The name of the policy pack that produced this issue.
↳ policyPackTag string required
The tag of the policy pack version that produced this issue.
↳ policyName string required
The name of the policy that was violated.
↳ resourceURN string required
The URN of the resource that violated the policy.
↳ resourceProvider string required
The provider of the resource that violated the policy.
↳ resourceType string required
The type of the resource that violated the policy.
↳ resourceName string required
The name of the resource that violated the policy.
↳ message string optional
A human-readable message describing the policy violation.
↳ observedAt string required
The timestamp when the issue was first observed.
↳ lastModified string optional
The timestamp when the issue was last modified.
↳ level string required
The enforcement level of the policy (e.g. advisory, mandatory, disabled).
↳ severity enum required
The severity of the policy violation.
Values: , low, medium, high, critical
↳ status enum required
The current status of the policy issue.
Values: open, in_progress, by_design, fixed, ignored
↳ kind enum required
The kind of policy issue (audit or preventative).
Values: audit, preventative
↳ priority enum required
The priority level of the policy issue.
Values: p0, p1, p2, p3, p4
↳ assignedTo UserInfo optional
The user the policy issue is assigned to.
↳ policyGroupName string optional
The name of the policy group this issue belongs to.
↳ policyGroupType enum optional
The type of the policy group this issue belongs to.
Values: audit, preventative
policy AppPolicy optional
The policy definition that caused this issue. May be null if the policy has been deleted or is unavailable.
↳ name string required
Unique URL-safe name for the policy. This is unique to a specific version of a Policy Pack.
↳ displayName string required
The display name
↳ description string required
Description is used to provide more context about the purpose of the policy.
↳ enforcementLevel enum required
The enforcement level
Values: advisory, mandatory, remediate, disabled
↳ message string required
Message is the message that will be displayed to end users when they violate this policy.
↳ configSchema AppPolicyConfigSchema optional
The JSON schema for the Policy’s configuration.
↳ severity enum optional
The severity of the policy.
Values: , low, medium, high, critical
↳ framework AppPolicyComplianceFramework optional
The compliance framework that this policy belongs to.
↳ tags array[string] optional
Tags associated with the policy.
↳ remediationSteps string optional
A description of the steps to take to remediate a policy violation.
↳ url string optional
A URL to more information about the policy.
policyPack RegistryPolicyPack optional
The registry policy pack metadata. May be null if the policy pack is unavailable.
↳ id string required
ID is the unique identifier for this policy pack in the registry. This is a UUID that corresponds to the policy pack’s database ID.
↳ source string required
Source indicates where this policy pack is hosted (e.g., “private”, “pulumi”). Currently, only “private” policy packs are supported.
↳ publisher string required
Publisher is the organization or user that published this policy pack. This corresponds to the Pulumi organization name.
↳ name string required
Name is the unique identifier for this policy pack within the publisher’s namespace. Policy pack names must be URL-safe and unique per publisher.
↳ version string required
Version is the semantic version of this policy pack. This represents the latest or specific version being referenced.
↳ displayName string required
DisplayName is a human-readable name for this policy pack. This is typically more descriptive than the technical name.
↳ accessLevel enum required
AccessLevel is the client’s level of access to this policy pack.
Values: full, view-only, deny
↳ enforcementLevels array[string] required
EnforcementLevels are the client’s allowed enforcement levels for this policy pack.

Errors: 404 Organization or Policy issue not found

Update Policy Issue

▼

PATCH /api/orgs/{orgName}/policyresults/issues/{issueId}

Updates a policy issue’s triage status and other mutable fields. All body fields are optional — only provide the fields you want to update.

status: open, in_progress, by_design, fixed, or ignored
priority: p0, p1, p2, p3, or p4
assignedTo: username to assign the issue to, or null to unassign

Request Parameters

orgName string path required
The organization name
issueId string path required
The issue identifier

Request Body

Schema: UpdatePolicyIssueRequest

assignedTo string optional
The user to assign the policy issue to.
status enum optional
The new status for the policy issue. Valid values: open, in_progress, by_design, ignored. Note: fixed cannot be set manually.
Values: open, in_progress, by_design, fixed, ignored
priority enum optional
The new priority for the policy issue.
Values: p0, p1, p2, p3, p4

Responses

200 OK

Schema: GetPolicyIssueResponse

policyIssue PolicyIssue required
The policy issue details
↳ id string required
The unique identifier of the policy issue.
↳ entityType enum required
The type of entity this issue applies to.
Values: stack, insights-account
↳ entityProject string required
The project name (for stack entities) or parent Insights account name (for resource entities).
↳ entityId string required
The identifier of the entity this issue applies to.
↳ stackVersion integer optional
The stack version where the issue was detected.
↳ resourceVersion integer optional
The resource version where the issue was detected.
↳ policyPack string required
The name of the policy pack that produced this issue.
↳ policyPackTag string required
The tag of the policy pack version that produced this issue.
↳ policyName string required
The name of the policy that was violated.
↳ resourceURN string required
The URN of the resource that violated the policy.
↳ resourceProvider string required
The provider of the resource that violated the policy.
↳ resourceType string required
The type of the resource that violated the policy.
↳ resourceName string required
The name of the resource that violated the policy.
↳ message string optional
A human-readable message describing the policy violation.
↳ observedAt string required
The timestamp when the issue was first observed.
↳ lastModified string optional
The timestamp when the issue was last modified.
↳ level string required
The enforcement level of the policy (e.g. advisory, mandatory, disabled).
↳ severity enum required
The severity of the policy violation.
Values: , low, medium, high, critical
↳ status enum required
The current status of the policy issue.
Values: open, in_progress, by_design, fixed, ignored
↳ kind enum required
The kind of policy issue (audit or preventative).
Values: audit, preventative
↳ priority enum required
The priority level of the policy issue.
Values: p0, p1, p2, p3, p4
↳ assignedTo UserInfo optional
The user the policy issue is assigned to.
↳ policyGroupName string optional
The name of the policy group this issue belongs to.
↳ policyGroupType enum optional
The type of the policy group this issue belongs to.
Values: audit, preventative
policy AppPolicy optional
The policy definition that caused this issue. May be null if the policy has been deleted or is unavailable.
↳ name string required
Unique URL-safe name for the policy. This is unique to a specific version of a Policy Pack.
↳ displayName string required
The display name
↳ description string required
Description is used to provide more context about the purpose of the policy.
↳ enforcementLevel enum required
The enforcement level
Values: advisory, mandatory, remediate, disabled
↳ message string required
Message is the message that will be displayed to end users when they violate this policy.
↳ configSchema AppPolicyConfigSchema optional
The JSON schema for the Policy’s configuration.
↳ severity enum optional
The severity of the policy.
Values: , low, medium, high, critical
↳ framework AppPolicyComplianceFramework optional
The compliance framework that this policy belongs to.
↳ tags array[string] optional
Tags associated with the policy.
↳ remediationSteps string optional
A description of the steps to take to remediate a policy violation.
↳ url string optional
A URL to more information about the policy.
policyPack RegistryPolicyPack optional
The registry policy pack metadata. May be null if the policy pack is unavailable.
↳ id string required
ID is the unique identifier for this policy pack in the registry. This is a UUID that corresponds to the policy pack’s database ID.
↳ source string required
Source indicates where this policy pack is hosted (e.g., “private”, “pulumi”). Currently, only “private” policy packs are supported.
↳ publisher string required
Publisher is the organization or user that published this policy pack. This corresponds to the Pulumi organization name.
↳ name string required
Name is the unique identifier for this policy pack within the publisher’s namespace. Policy pack names must be URL-safe and unique per publisher.
↳ version string required
Version is the semantic version of this policy pack. This represents the latest or specific version being referenced.
↳ displayName string required
DisplayName is a human-readable name for this policy pack. This is typically more descriptive than the technical name.
↳ accessLevel enum required
AccessLevel is the client’s level of access to this policy pack.
Values: full, view-only, deny
↳ enforcementLevels array[string] required
EnforcementLevels are the client’s allowed enforcement levels for this policy pack.

Errors: 400 Invalid input 404 Organization or Policy issue not found

Export Policy Issues

▼

POST /api/orgs/{orgName}/policyresults/issues/export

Exports policy issues for an organization to CSV format for offline analysis or reporting. Policy issues represent violations detected by Policy Packs during stack updates or continuous compliance scans. The export includes issue details such as the violating resource, policy name, enforcement level, and severity.

Request Parameters

orgName string path required
The organization name

Request Body

Schema: AngularGridGetRowsRequest

startRow integer optional
The start row
endRow integer optional
The end row
rowGroupCols array[AngularGridColumn] required
List of row group cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
valueCols array[AngularGridColumn] required
List of value cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
groupKeys array[string] required
List of group keys
filterModel AngularGridAdvancedFilterModel required
The filter model
↳ type string required
The type
↳ conditions array[AngularGridFilterModel] required
List of conditions
sortModel array[AngularGridSortModelItem] required
List of sort model
↳ colId string required
Column Id to apply the sort to.
↳ sort string required
Sort direction

Responses

200 OK

Errors: 400 Invalid request parameters 404 Organization not found

Get Policy Issues Filters

▼

POST /api/orgs/{orgName}/policyresults/issues/filters

Returns the available filter options for listing policy issues, such as policy pack names, enforcement levels, severity values, and resource types. This is used to populate filter dropdowns in the policy issues UI.

Request Parameters

orgName string path required
The organization name

Request Body

Schema: PolicyIssueFiltersRequest

filterModel AngularGridAdvancedFilterModel optional
Optional filter model to apply when getting available filter values. Same format as used in policy issues list.
↳ type string required
The type
↳ conditions array[AngularGridFilterModel] required
List of conditions
field string required
Field name

Responses

200 OK

Schema: PolicyIssueFiltersResponse

field string required
The field name for which filter values are provided.
values array[PolicyIssueFilterValue] required
The available filter values for the field.
↳ name string required
The name of the filter value.
↳ count integer required
The count of policy issues matching this filter value.

Errors: 400 Field parameter is required 404 Organization not found

Get Policy Results Metadata

▼

GET /api/orgs/{orgName}/policyresults/metadata

Returns high-level policy compliance statistics for an organization, including total violation counts, breakdown by severity and enforcement level, and trends over time. This provides an overview of the organization’s policy compliance posture.

Request Parameters

orgName string path required
The organization name

Responses

200 OK

Schema: PolicyResultsMetadata

policyTotalCount integer required
Total number of policies
policyWithIssuesCount integer required
Number of policies with issues
resourcesTotalCount integer required
Total number of resources covered by policies
resourcesWithIssuesCount integer required
Number of resources with issues

Errors: 404 Organization not found

List Policies Compliance

▼

POST /api/orgs/{orgName}/policyresults/policies

Returns policy compliance data grouped by policy pack and policy name, showing how many stacks are in compliance or violation for each individual policy rule. Supports pagination and filtering via the grid request format.

Request Parameters

orgName string path required
The organization name

Request Body

Schema: AngularGridGetRowsRequest

startRow integer optional
The start row
endRow integer optional
The end row
rowGroupCols array[AngularGridColumn] required
List of row group cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
valueCols array[AngularGridColumn] required
List of value cols
↳ id string required
The unique identifier
↳ displayName string required
The display name
↳ field string optional
The field
↳ aggFunc string optional
The agg func
groupKeys array[string] required
List of group keys
filterModel AngularGridAdvancedFilterModel required
The filter model
↳ type string required
The type
↳ conditions array[AngularGridFilterModel] required
List of conditions
sortModel array[AngularGridSortModelItem] required
List of sort model
↳ colId string required
Column Id to apply the sort to.
↳ sort string required
Sort direction

Responses

200 OK

Schema: ListPoliciesComplianceResponse

policies array[PolicyComplianceRow] required
The list of policy compliance rows
↳ policyName string required
The name of the policy
↳ severity enum required
The severity level of the policy
Values: , low, medium, high, critical
↳ failingResources integer required
Number of resources failing this policy
↳ governedResources integer required
Total number of resources governed by this policy
↳ percentCompliant integer required
Percentage of resources that are compliant (0-100)
↳ policyPack string required
The policy pack this policy belongs to
↳ policyGroupName string required
The policy group this policy belongs to
↳ policyGroupType enum required
The type of the policy group this policy belongs to
Values: audit, preventative
totalCount integer optional
The total number of policies
continuationToken string optional
Continuation token for pagination

Errors: 400 Invalid grid request parameters 404 Organization not found

List Policy Violations V2

▼

Deprecated. Use ListPolicyIssues instead.

GET /api/orgs/{orgName}/policyresults/violationsv2

ListPolicyViolationsV2Handler gets all the policy violations for an org. Deprecated: Use /policyresults/issues

Request Parameters

orgName string path required
The organization name

Responses

200 OK

Schema: ListPolicyViolationsV2Response

policyViolations array[PolicyViolationV2] required
The list of policy violations
↳ id string required
The unique identifier of the policy violation.
↳ projectName string required
The name of the project containing the violating resource.
↳ stackName string optional
The name of the stack containing the violating resource.
↳ stackVersion integer optional
The stack version where the violation was detected.
↳ accountName string optional
The Insights account name associated with the violation, for resource-scoped violations.
↳ resourceVersion integer optional
The resource version where the violation was detected.
↳ policyPack string required
The name of the policy pack that produced this violation.
↳ policyPackTag string required
The tag of the policy pack version that produced this violation.
↳ policyName string required
The name of the policy that was violated.
↳ resourceURN string required
The URN of the resource that violated the policy.
↳ resourceType string required
The type of the resource that violated the policy.
↳ resourceName string required
The name of the resource that violated the policy.
↳ message string required
A human-readable message describing the policy violation.
↳ observedAt string required
The timestamp when the violation was observed.
↳ level string required
The enforcement level of the violated policy (e.g. advisory, mandatory, disabled).
↳ kind enum required
The kind of policy violation (audit or preventative).
Values: audit, preventative
continuationToken string optional
Continuation token for pagination

Errors: 404 Organization not found

Policy Results

On this page

On this page

Get Policy Compliance Results

Request Parameters

Request Body

Responses

List Policy Issues

Request Parameters

Request Body

Responses

Get Policy Issue

Request Parameters

Responses

Update Policy Issue

Request Parameters

Request Body

Responses

Export Policy Issues

Request Parameters

Request Body

Responses

Get Policy Issues Filters

Request Parameters

Request Body

Responses

Get Policy Results Metadata

Request Parameters

Responses

List Policies Compliance

Request Parameters

Request Body

Responses

List Policy Violations V2

Request Parameters

Responses

On this page

On this page