sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
beef3ce76b955877ec999f1d84d40ba623bfb96d
orion/.security-rules/_main.yaml
Samir Boulahtit 7a9dda282d refactor(scripts): reorganize scripts/ into seed/ and validate/ subfolders 
Move 9 init/seed scripts into scripts/seed/ and 7 validation scripts
(+ validators/ subfolder) into scripts/validate/ to reduce clutter in
the root scripts/ directory. Update all references across Makefile,
CI/CD configs, pre-commit hooks, docs (~40 files), and Python imports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 21:35:53 +01:00

68 lines
1.8 KiB
YAML
Raw Blame History

# Security Rules Configuration
# ============================
# Security-focused validation rules for the codebase.
# Run with: python scripts/validate/validate_security.py
version: "1.0"
project: "letzshop-product-import"
description: |
Security validation rules to detect common vulnerabilities and ensure
secure coding practices across the application.
principles:
- name: "Defense in Depth"
description: "Multiple layers of security controls"
- name: "Least Privilege"
description: "Minimal access rights for users and processes"
- name: "Secure by Default"
description: "Secure configurations out of the box"
- name: "Fail Securely"
description: "Errors should not compromise security"
- name: "Input Validation"
description: "Never trust user input"
includes:
- authentication.yaml
- injection.yaml
- data_protection.yaml
- api_security.yaml
- cryptography.yaml
- audit.yaml
severity_levels:
error:
description: "Critical security vulnerability that must be fixed"
exit_code: 1
warning:
description: "Security concern that should be addressed"
exit_code: 0
info:
description: "Security best practice recommendation"
exit_code: 0
ignore:
files:
- "**/test_*.py"
- "**/tests/**"
- "**/*_test.py"
- "**/conftest.py"
- "**/migrations/**"
- "**/.venv/**"
- "**/venv/**"
- "**/node_modules/**"
- "**/site/**"
- "**/scripts/**"
- "**/__pycache__/**"
- "**/*.pyc"
- "**/vendor/**" # Third-party libraries
patterns:
# Allow test credentials in test files
- file: "**/tests/**"
pattern: "password.*=.*test"
reason: "Test fixtures use dummy credentials"
# Allow example patterns in documentation
- file: "**/docs/**"
pattern: ".*"
reason: "Documentation examples"
Reference in New Issue View Git Blame Copy Permalink