Custom Rules
In addition to custom rules created locally for a specific repository, you can create custom rules at the organizational level. This allows security professionals to propagate custom rules across their organization, side by side with the local scan configuration of each repository.

- In CloudGuard Code Security, navigate to Settings > Custom Rules.
- In the confirmation window, click Activate.

- Create the file structure. To do this, run in the CLI:
$HOME/.spectral/spectral custom-rules init
The system creates a folder named .spectral in your current directory. Refer to the example rule file in .spectral/rules to get started.
- We recommend that you sync the custom rules of your organization before adding new ones. To sync, run:
$HOME/.spectral/spectral custom-rules get
- Create one file per rule, or put a few rules in a single file. The file name must be in the format custom_rule_*.yaml. For more information on how to write indicators, see Building Detectors.
Note - Make sure that the rules do not contain sensitive data.
- Optional - For centralized custom rules, add your own link to the playbook of your detector. To do this, add a link property to the rule. For example:
link: https://guides.spectralopps.io/docs/cloud-keys
- Make sure your rules do not expose sensitive data, either by targeting a specific secret value directly or by targeting it with an obvious regex (one that matches only that value). A published rule is propagated to every scan in the organization, so anyone who can read the rule can read the secret it targets. You can run such one-off searches locally in your environment, but we do not recommend adding them to published rules. Rules should match the format of a class of secrets, not the value of one secret.
- Publish the rules. To publish, run:
$HOME/.spectral/spectral custom-rules publish
The system scans the current folder using only your custom rules. Review the findings of this scan to make sure your rules work as expected. The system also scans the custom rules themselves for sensitive data exposures. If the system detects issues in the custom rules, you are notified and can cancel the publishing process.
Note - To disable the system scan of the custom rules, run:
$HOME/.spectral/spectral custom-rules publish --no-scan
- Confirm the publish of the custom rules. The system creates a new version of the custom rules, pending approval.
- The Administrator must approve or reject the new version. If approved, the new custom rules are used by all scans in the organization by default.
Note - To exclude custom rules from a scan, run:
$HOME/.spectral/spectral scan --exclude-tags custom-rules
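The following is an added example, not part of CloudGuard Code Security or the Spectral CLI: a small pre-publish lint you can run over the .spectral/rules folder before spectral custom-rules publish. It enforces the custom_rule_*.yaml naming convention from the step above and flags rule contents that look like a specific secret value rather than a pattern for a class of secrets, which is the exposure the note above warns about. The YAML field names in the constructed samples (rules, id, description, pattern) are placeholders, not the Spectral rule schema; the detection heuristics (literal-run length, letter-plus-digit requirement, entropy threshold) are assumptions of this example and are not the checks the built-in publish scan performs.

```python
"""Pre-publish lint for custom rule files (added example, not Spectral tooling).

Two checks:
  * file names must match custom_rule_*.yaml (the convention on the page);
  * rule text must not carry a literal secret value. A pattern for a class of
    secrets such as AKIA[0-9A-Z]{16} is fine; a pasted value such as
    AKIAIOSFODNN7EXAMPLE is not, because published rules are distributed to
    every scan in the organization.
The thresholds below are this example's assumptions.
"""
import math
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Naming convention from the documentation: custom_rule_*.yaml
FILENAME_RE = re.compile(r"^custom_rule_.+\.yaml$")

# A run of 20+ token characters with no regex metacharacter inside it.
# A class pattern (AKIA[0-9A-Z]{16}) is split by '[' and '{' and never forms
# such a run; a pasted secret value does.
LITERAL_RUN_RE = re.compile(r"[A-Za-z0-9_+/=-]{20,}")
MIN_ENTROPY_BITS = 3.5  # assumed per-character Shannon entropy threshold


@dataclass(frozen=True)
class Finding:
    file: str
    line: int   # 0 for file-level findings
    kind: str   # "bad-filename" or "literal-secret"
    detail: str


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings score high."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def looks_like_secret_value(token: str) -> bool:
    """Long literal mixing letters and digits with high entropy: most likely
    one concrete secret rather than a rule id or description."""
    has_letter = any(c.isalpha() for c in token)
    has_digit = any(c.isdigit() for c in token)
    return has_letter and has_digit and shannon_entropy(token) >= MIN_ENTROPY_BITS


def check_rule_text(filename: str, text: str) -> list[Finding]:
    """Lint one rule file given as text; returns an empty list when clean."""
    findings: list[Finding] = []
    if not FILENAME_RE.match(filename):
        findings.append(Finding(filename, 0, "bad-filename",
                                "name must match custom_rule_*.yaml"))
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # YAML comment, not part of any rule
        for token in LITERAL_RUN_RE.findall(line):
            if looks_like_secret_value(token):
                findings.append(Finding(filename, lineno, "literal-secret",
                                        f"literal {token[:6]}... looks like a specific secret value"))
    return findings


def check_rules_dir(rules_dir: Path) -> list[Finding]:
    """Lint every YAML-like file in a rules folder, e.g. .spectral/rules."""
    findings: list[Finding] = []
    for path in sorted(rules_dir.glob("*.y*ml")):
        findings.extend(check_rule_text(path.name, path.read_text(encoding="utf-8")))
    return findings


# Constructed samples; placeholder field names, not the Spectral schema.
GOOD_RULE = """\
rules:
  - id: ACME-AWS-KEY-FORMAT
    description: AWS access key id by format, not by value
    pattern: 'AKIA[0-9A-Z]{16}'
    link: https://guides.spectralopps.io/docs/cloud-keys
"""

BAD_RULE = """\
rules:
  - id: ACME-LEAKED-KEY
    description: the one key that leaked last quarter
    pattern: 'AKIAIOSFODNN7EXAMPLE'
  - id: ACME-STRIPE-KEY
    pattern: 'sk_live_4eC39HqLyjWDarjtT1zdp7dc'
"""

if __name__ == "__main__":
    # Usage: python lint_rules.py .spectral/rules ; non-zero exit blocks publish in CI.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".spectral/rules")
    problems = check_rules_dir(target)
    for f in problems:
        print(f"{f.file}:{f.line}: {f.kind}: {f.detail}")
    sys.exit(1 if problems else 0)
```

Run it against .spectral/rules in a pre-commit hook or CI job so a rule that names a concrete key is rejected before spectral custom-rules publish sends it to the whole organization; the built-in publish scan remains the authoritative check, this lint only fails earlier and locally.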