
Design: Support custom rulesets in the SAST Configuration UI

Problem to solve

Currently, users need to go to the docs to learn how to set custom rulesets for SAST, and then make the configuration via the Web IDE.

Solution

Add a custom rulesets field in the SAST Configuration UI

More info

Ruleset customization supports two capabilities:

  • Disabling predefined rules (available for all analyzers).

  • Modifying the default behavior of a given analyzer (only available for nodejs-scan and gosec).
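
For reference, here is a constructed `.gitlab/sast-ruleset.toml` showing both capabilities above, i.e. the kind of content the proposed field would hold. This is an added example, not from this issue or from GitLab's own code; it assumes the documented layout (`[[<analyzer>.ruleset]]` with `disable` and an `identifier`, and `[[<analyzer>.passthrough]]` with `type`, `target` and `value`), and the identifier type, rule ID and gosec settings are illustrative.

```toml
# .gitlab/sast-ruleset.toml (constructed example; assumes the documented layout)

[gosec]
  description = "Project ruleset for gosec"

  # Capability 1: disable a predefined rule (available for all analyzers).
  # Findings for this rule are dropped from the analyzer's report.
  [[gosec.ruleset]]
    disable = true
    [gosec.ruleset.identifier]
      type  = "gosec_analyzer_id"   # identifier type assumed from the docs
      value = "G104"                # illustrative: gosec's unhandled-error check

  # Capability 2: modify the analyzer's default behaviour (gosec and
  # nodejs-scan only). A raw passthrough writes a config file that the
  # analyzer reads at start-up; the file name and contents are illustrative.
  [[gosec.passthrough]]
    type   = "raw"
    target = "gosec-config.json"
    value  = """
{
  "global": {
    "nosec": "enabled"
  }
}
"""
```

A disabled rule stops being reported at all, so the review question is whether per-analyzer blocks like `[gosec]` should each get their own field in the UI or share one free-text area.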

Proposal

WIP Design:

[Screenshot: Screen_Shot_2021-05-12_at_1.34.08_PM (WIP design mockup)]

Question

  • Should we offer a custom ruleset block for each analyzer? This makes the design and technical implementation more complicated.

  • Should we offer example rulesets to pre-populate the field for each separate analyzer?

Feedback please!

cc @nmccorrison @tmccaslin @theoretick @rossfuhrman @ssarka @markrian @jannik_lehmann @twoodham @zrice

Edited by Becka Lippert