This topic introduces code detection tasks and rules in Alibaba Cloud DevOps Codeup.
Concepts
Detection rule: A detection rule is the fundamental unit of detection. A detection rule can be used to detect the presence of sensitive credentials and keys such as insecure plaintext passwords.
Detection rule package: A detection rule package is a collection of detection rules for a detection type or detection engine, for example, a sensitive information detection package.
Detection strategy: A detection strategy consists of a group of rule packages and their associated runtime parameter configurations. It can be applied to multiple code repositories. When a strategy is executed on a code repository, it is instantiated as a detection task.
Detection task: A detection task is the instantiation of a strategy (that is, of its collection of rules) executed on a code repository. A detection task can be executed multiple times on a specified branch, with each execution generating a report for that branch.
Quality gate: A quality gate is a checkpoint mechanism that typically returns a binary result: Pass or Fail. If the number of detected issues exceeds a predefined threshold for passing, the quality gate will fail. This mechanism is often used in merge request checkpoints to determine if the code can proceed to the next development stage.
Severity levels of rules
Critical: Rules at this severity level must be strictly followed. Violations may result in serious consequences.
Warning: Compliance with rules at this severity level is highly recommended. Following these rules consistently contributes to system stability and efficiency.
Suggestion: A full understanding of rules at this severity level is advised. These rules are designed to enhance individual coding practices and foster team collaboration.
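To make the relationship between rules, rule packages, strategies, tasks and the quality gate concrete, the following is an added, simplified model written for this page; it is not Codeup's own code or API. The rule patterns, the severity thresholds and the sample branch content are constructed for illustration only.

```python
import re
from dataclasses import dataclass

# Hypothetical model of the concepts above (not the Codeup implementation).
@dataclass(frozen=True)
class DetectionRule:
    rule_id: str
    severity: str          # "Critical", "Warning" or "Suggestion"
    pattern: re.Pattern    # what the rule looks for in a source line

@dataclass
class RulePackage:
    name: str
    rules: list

@dataclass
class DetectionStrategy:
    packages: list
    thresholds: dict       # runtime parameter: max findings allowed per severity

# A sensitive-information package with two constructed rules.
SENSITIVE_INFO = RulePackage("sensitive-info", [
    DetectionRule("plaintext-password", "Critical",
                  re.compile(r'password\s*=\s*["\'][^"\']+["\']', re.I)),
    DetectionRule("hardcoded-api-key", "Warning",
                  re.compile(r'api[_-]?key\s*=\s*["\'][^"\']+["\']', re.I)),
])

# Constructed thresholds: no Critical finding may pass, up to two Warnings may.
STRATEGY = DetectionStrategy([SENSITIVE_INFO],
                             thresholds={"Critical": 0, "Warning": 2, "Suggestion": 10})

def run_task(strategy, lines):
    """Instantiate the strategy on one branch's lines; returns the report as findings."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for package in strategy.packages:
            for rule in package.rules:
                if rule.pattern.search(line):
                    findings.append((lineno, rule.rule_id, rule.severity))
    return findings

def quality_gate(strategy, findings):
    """Binary checkpoint: Pass (True) unless some severity exceeds its threshold."""
    counts = {}
    for _, _, severity in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return all(counts.get(sev, 0) <= limit for sev, limit in strategy.thresholds.items())

# Constructed sample branch content: one Critical and one Warning finding.
SAMPLE = [
    'db_user = "app"',
    'db_password = "hunter2"',                # plaintext password: Critical
    'API_KEY = "abcd1234"',                   # hard-coded key: Warning
    'password = os.environ["DB_PASSWORD"]',   # read from the environment: no match
]
```

Running `quality_gate(STRATEGY, run_task(STRATEGY, SAMPLE))` fails the gate because the single Critical finding exceeds its threshold of zero, whereas the same branch without line 2 passes.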