Configuring a Custom Rule Set

Constraints

Constraints on custom rule sets:

• Purchase the code security check enhancement package as required before using CodeArts Check. This package identifies code security risks and vulnerabilities more comprehensively for Java, C++, Go, and Python.
• For rules of the secbrella and SQLGuardian engines, this option is not available.
• The language set in a custom rule set cannot be modified.
• Only rule set creators can modify or delete custom rule sets.
• Preset rule sets and custom rule sets in use cannot be deleted.
• To delete a custom rule set being used by a code check task, you can either delete the task or assign another rule set to the task.

Constraints on custom rules:

• For details about the number of supported custom rules, see CodeArts Check Specifications.
• Lines of code (LOC) scanned by a rule set with only custom rules: max. 100,000. This applies when the rule set contains only custom rules.
• Duration per code check task with 100,000 LOC scanned by a rule set with only custom rules: max. 1.5 hours. This applies when the rule set contains only custom rules.
• Only the te_admin account and rule creators can edit or delete custom rules.

Video Tutorial

The following videos show how to use rules and rule sets.

This video demonstrates how to use a custom rule set to check code from CodeArts Repo.

Customizing a Rule Set

1. Access CodeArts Check.
2. Click the Rule Sets tab.
3. Click Create Rule Set. In the displayed dialog box, enter a rule set name and description, as well as select a language and creation mode.

   The options of creation mode are as follows:

   • Directly: Create an empty rule set. All rules need to be selected one by one.
   • Copy: Copy an existing rule set by selecting it from the Replicated in drop-down list.
   • Inherit: In the Inherit from area, select a rule set from the drop-down list to inherit all rules. You can click to add up to 5 rule sets.

     If conflicts exist, rule sets with higher priority are used. A smaller value indicates a higher priority. For example, if the rules in the second rule set conflict with those in the first rule set, the rules in the first rule set takes precedence.

4. Click Confirm.
5. Select rules, set Issue Level, and click Save in the upper right corner.
   

   • Applicable to gate (including MR and CR check):
     • For rules of the secbrella and SQLGuardian engines, this option is not available.
     • For compilation rules of the sonarqube engine, if the compilation command is configured and the incremental MR check mode is selected, the task may fail to be executed due to compilation failure.
   • Applicable to version (excluding MR and CR check): All rules can be used for version-level checks.
   • Delay duration: You can set a deferral period for issues in a custom rule set. After setting, any issues detected within the specified period will be labeled as deferred. These issues are to be temporarily set aside and do not impact the results of quality gate quality.

   Create custom rules if needed.

Viewing a Custom Rule Set

1. On the My sets tab page, click the rule set name. On the rule set details page, you can view the details about the rules used in the rule set.
   • Online viewing

     By default, the check engine used by the rule is not displayed. To view the check engine, see Displaying the Check Engine.

     You can sort rule sets by Rules or Modified. The two sorting criteria are exclusive. For example, if rules are sorted by Modified, the sorting by Rules becomes invalid.

   • Offline viewing

     Click Export to export the enabled rules in the rule set to the local PC and view the rule details.

2. On the rule set details page, click Modify Basic Info to modify the rule set name, description, and owner.
   • The language set in a custom rule set cannot be modified.
   • Preset rule sets cannot be modified.
   • Only the te_admin account, tenant space administrators, tenant space owners, and rule set creators can modify custom rule sets.

Deleting a Custom Rule Set

• From the service portal:
  1. Access CodeArts Check from the service portal.
  2. Choose Rule Sets > My sets.
  3. Click in the row where the rule set is located to delete the custom rule set.
• From the project list:
  On the custom rule set list page, click in the row where the rule set is located and click Delete to delete the custom rule set.

  • Only rule set creators can delete custom rule sets.
  • Preset rule sets and custom rule sets in use cannot be deleted.
  • To delete a custom rule set being used by a code check task, you can either delete the task or assign another rule set to the task.

Using a Custom Rule Set

1. Go to the task details page, and choose Settings > Rule Sets.
2. If any changes are made to the code repository after you create a code check task, click in the Languages Included row to re-obtain the target language, and enable the switch of language.
3. Click to select the created custom rule set.

Customizing a Rule

Rules are used to check specified issues, including code issue impact and fix suggestions.

• For details about the number of supported custom rules, see CodeArts Check Specifications.
• Lines of code scanned by a rule set with only custom rules: max. 100,000. This applies when the rule set contains only custom rules.
• Duration per code check task with 100,000 LOC scanned by a rule set with only custom rules: max. 1.5 hours. This applies when the rule set contains only custom rules.
• Only the te_admin account and rule creators can edit and delete custom rules.

1. Click the Rules tab.
2. Choose Create Rule > Create Rule and set parameters by referring to Table 1.

   Table 1 Rule parameters

   Parameter	Description
   Rule Name	Custom rule name. It can be customized. Letters, digits, periods (.), underscores (_), and hyphens (-) allowed. 1 to 255 characters.
   Tool	Check tool used by the check rule. To use the check tool, enable Show Engine as instructed in Displaying the Check Engine. Only SecBrella is supported.
   Language	Language checked by a custom rule. Currently, only Java is supported.
   Source Code	Rule source code file. Create a .kirin file, create a domain-specific language (DSL) for rules, run the local plug-in to generate a SecH_Rule name.json file in the OutputReport directory, and upload the .json file. Note: The name of the file to be uploaded must start with SecH_.
   Tool Rule Name	The value is automatically filled based on the name of the file name of the uploaded rule source code file and cannot be modified.
   Scopes	Version-level or gate-level For ArkTS, you can select either Version or Gate, or both. For Java, this parameter can only be set to the default value Version. Note: If you select only Version or Gate for this parameter, you must also select the same option for the application scope of this rule in the rule set.
   Severity	Severity of a code issue detected by a rule. The value can be Critical, Major, Minor, or Suggestion.
   Tag	Rule tag for different scenarios. Use commas (,) to separate multiple tags.
   Description	Rule description. The content can contain code in Markdown. Max. 10,000 characters.
   Compliant Example	Compliant code example. The content contains code in Markdown. Max. 10,000 characters.
   Noncompliant Example	Noncompliant code example. The content contains code in Markdown. Max. 10,000 characters.
   Fix Suggestions	Issue fixing suggestions. The content can contain code in Markdown. Max. 10,000 characters.

3. Click Create Rule.

Importing Custom Rules in Batches

To import rules in batches, submit a service ticket.

1. Click the Rules tab.
2. Choose Create Rule > Import Rules. In the displayed dialog box, download the rule import template.
   Figure 1 Importing rules
   

3. After filling in the rule information according to the template requirements, click and select the file for rule import.
4. Click Confirm.

Related Documents

• For APIs about rule sets, see Rule Management.
• For details about the best practices of custom rules and rule sets, see Checking Code from CodeArts Repo with Custom Rules.