{
"$schema": "./secure-code-agent.schema.json",
"version": 1,
"paths": {
"include_extensions": [".py", ".js", ".jsx", ".ts", ".tsx", ".sh", ".yaml", ".yml", ".json", "Dockerfile"],
"exclude_patterns": [
".git/", "node_modules/", ".venv/", "venv/", "dist/", "build/",
"**/__pycache__/", "**/*.min.js", "**/*.lock",
"tests/",
"src/secure_code_audit/scanners/builtin_rules.py",
"src/secure_code_audit/standards.py",
"src/secure_code_audit/remediation.py",
"src/secure_code_audit/instructions.py",
"src/secure_code_audit/suppressions.py",
"docs/"
]
},
"asvs_level": 2,
"scanners": {
"bandit": { "enabled": true, "timeout_seconds": 600 },
"semgrep": { "enabled": false },
"pip_audit": { "enabled": true, "timeout_seconds": 300 },
"npm_audit": { "enabled": false },
"gitleaks": { "enabled": true, "timeout_seconds": 300 },
"trufflehog": { "enabled": false },
"eslint_security": { "enabled": false },
"builtin_rules": { "enabled": true }
},
"gates": {
"fail_on_severity": ["critical", "high"],
"fail_on_category": ["secrets"],
"fail_on_new": true,
"min_score": 4.0,
"max_unsuppressed": {
"critical": 0,
"high": 0
}
}
}