Rules
The /rules page is where you manage scan policy — both the built-in rule catalog and your own custom rules, in one place.
How rules are organized
Section titled “How rules are organized”Rules are grouped into sections by scan type — SAST, SCA, Secrets, IaC, Malware (malicious packages), and Container — and within each section by category (SQL injection, XSS, hardcoded secret, typosquat, install-script, and so on). Each rule shows its ID, title, severity, confidence, current mode, and how many open findings it has produced.
Rule modes
Section titled “Rule modes”Every rule has a mode that controls how its findings behave:
| Mode | Effect |
|---|---|
| Disabled | The rule is skipped entirely — no findings. |
| Monitor | The rule produces findings, but they never fail CI. |
| Block | The rule produces findings and trips the CI exit code via the fail-on mechanism. |
Changing a mode takes effect on the next scan. See Severity Gates for how Block mode interacts with CI exit codes, and Merge Gating for blocking merges on managed SCM connections.
Filtering rules
Section titled “Filtering rules”| Filter | Effect |
|---|---|
| Search | Match by rule ID or title. |
| Mode | disabled / monitor / block. |
| Severity | critical / high / medium / low / info. |
| Source | Built-in versus custom. |
| Category | One of the rule categories. |
| Has findings | Show only rules that have produced findings. |
Bulk mode update
Section titled “Bulk mode update”- Filter to the rules you want to change — for example, all SQL-injection rules.
- Select them.
- Pick a mode from the bulk action. Every selected rule updates at once.
A common rollout is to start new rules in Monitor, watch their true/false-positive ratio, then promote the trustworthy ones to Block.
Importing and exporting
Section titled “Importing and exporting”You can import rules from a file and export the current rule configuration to CSV. Built-in rules are read-only — you can change their mode but not edit or delete them. Only custom rules are fully editable.
Rule detail
Section titled “Rule detail”Click any rule to open its detail: full description, the pattern or metadata, example vulnerable code, remediation guidance, and its finding history.