> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Policy

> Partially update a policy. Updates to policy content create a new version; changing only active status updates the same policy.



## OpenAPI

````yaml /api-reference/openapi.json patch /policies/{policy_id}
openapi: 3.0.0
info:
  title: Corgea API
  version: 1.0.0
  description: >-
    API for interacting with Corgea's scanning and vulnerability management
    features
servers:
  - url: https://www.corgea.app/api/v1
    description: Production server
security:
  - CorgeaToken: []
  - BearerAuth: []
paths:
  /policies/{policy_id}:
    patch:
      tags:
        - Policies
      summary: Update Policy
      description: >-
        Partially update a policy. Updates to policy content create a new
        version; changing only active status updates the same policy.
      operationId: updatePolicy
      parameters:
        - $ref: '#/components/parameters/PolicyId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdatePolicyRequest'
      responses:
        '200':
          description: Policy updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PolicyResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  parameters:
    PolicyId:
      name: policy_id
      in: path
      required: true
      schema:
        type: integer
      description: The ID of the policy
  schemas:
    UpdatePolicyRequest:
      type: object
      minProperties: 1
      additionalProperties: false
      properties:
        policy_type:
          type: string
          enum:
            - BLAST
            - scan
            - false_positive
            - fix
        description:
          type: string
          minLength: 10
        name:
          type: string
          minLength: 3
        cwes:
          type: array
          nullable: true
          items:
            type: string
        excludes:
          type: array
          nullable: true
          items:
            type: string
        projects:
          type: array
          nullable: true
          items:
            oneOf:
              - type: string
              - type: integer
          description: >-
            Project names or IDs that scope the policy. Empty or null makes the
            policy company-wide.
        active:
          type: boolean
        instruction_type:
          type: string
          enum:
            - overwrite
            - append
        glob_pattern:
          type: string
          nullable: true
          maxLength: 255
        guidance_text:
          type: string
          nullable: true
          maxLength: 3000
    PolicyResponse:
      type: object
      properties:
        policy:
          $ref: '#/components/schemas/Policy'
    Policy:
      type: object
      properties:
        id:
          type: integer
        policy_type:
          type: string
          enum:
            - BLAST
            - scan
            - false_positive
            - fix
        description:
          type: string
        cwes:
          type: array
          nullable: true
          items:
            type: string
        excludes:
          type: array
          nullable: true
          items:
            type: string
        projects:
          type: array
          nullable: true
          items:
            type: string
          description: >-
            Project names that scope the policy. Empty or null means
            company-wide.
        company:
          type: integer
        active:
          type: boolean
        approved:
          type: boolean
        approved_by:
          type: integer
          nullable: true
        created_at:
          type: string
          format: date-time
        glob_pattern:
          type: string
          nullable: true
        source_type:
          type: string
          example: Web
        repo_policy_file:
          type: integer
          nullable: true
        name:
          type: string
        guidance_text:
          type: string
          nullable: true
        version:
          type: integer
        archived:
          type: boolean
        parent_policy:
          type: integer
          nullable: true
        instruction_type:
          type: string
          enum:
            - overwrite
            - append
        read_only:
          type: boolean
        created_by_corgea:
          type: boolean
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: string
                example: Invalid JSON body
    Unauthorized:
      description: Invalid or missing token
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: string
                example: Missing or invalid authorization header
    Forbidden:
      description: Permission denied or feature unavailable
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: string
                example: Permission denied
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            type: object
            properties:
              error:
                type: string
                example: Policy not found
  securitySchemes:
    CorgeaToken:
      type: apiKey
      in: header
      name: CORGEA-TOKEN
      description: API key for authentication
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: OAuth2 access token (JWT) in the Authorization header

````