Within your application's repository, you can include a configuration file named shiftleft.yml that contains build rules. ShiftLeft can compare the results of its analyses against your build rules to determine if the build should fail or not.
With this file, you can:
Specify different build rules for each of your applications/repositories
Keep your build rules under version control
Edit your build rules without needing a separate tool that's outside your development workflow
By default, the location of your configuration file in your repository should be ./shiftleft.yml. The file should be formatted as follows:
build_rules:
- id: build-rule-identifier
  severity:
  - SEVERITY_MEDIUM_IMPACT
  - SEVERITY_HIGH_IMPACT
  type:
  - SQL Injection
  - Sensitive Data Leak
  owasp_category:
  - a1-injection
  threshold: 10
- id: another-build-rule
  severity:
  - SEVERITY_LOW_IMPACT
  threshold: 100
You can include multiple build rules in the file.
The following is a list of the parameters you can include in each build rule. All build rule parameters are optional.
id: A string identifier for your rule.
severity: The severity levels for which you want to filter. Accepted values: severity levels such as the SEVERITY_LOW_IMPACT, SEVERITY_MEDIUM_IMPACT and SEVERITY_HIGH_IMPACT values used in the example above.
type: The types of vulnerabilities for which you want to filter.
owasp_category: The OWASP categories of vulnerabilities for which you want to filter.
threshold: The number of vulnerabilities found that would lead to a failed build. Default is 0, so any vulnerability identified would lead to a build failure.
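To make the rule parameters above concrete, the following added example (not ShiftLeft's own code) evaluates build rules shaped like the shiftleft.yml on this page against a constructed list of findings. The example rules are written as a Python literal so the script runs offline without a YAML library; the findings, the finding_matches and evaluate_build helpers, and the pass/fail semantics (a rule fails the build when the number of findings matching all of its filters exceeds threshold, which is the reading under which the default of 0 fails on any single finding) are all assumptions made for the illustration.

```python
"""Evaluate shiftleft.yml-style build rules against scan findings.

Added example, not ShiftLeft's own implementation. Assumed semantics: each of
severity / type / owasp_category narrows the findings a rule counts (an absent
filter matches everything), and the rule fails the build when the count of
matching findings exceeds its threshold (default 0).
"""
from typing import Any, Dict, List, Tuple

# Equivalent of the example shiftleft.yml on this page, as a Python literal.
# With PyYAML installed you would load the real file instead:
#   rules = yaml.safe_load(open("shiftleft.yml"))["build_rules"]
BUILD_RULES: List[Dict[str, Any]] = [
    {
        "id": "build-rule-identifier",
        "severity": ["SEVERITY_MEDIUM_IMPACT", "SEVERITY_HIGH_IMPACT"],
        "type": ["SQL Injection", "Sensitive Data Leak"],
        "owasp_category": ["a1-injection"],
        "threshold": 10,
    },
    {"id": "another-build-rule", "severity": ["SEVERITY_LOW_IMPACT"], "threshold": 100},
]

# Constructed sample findings (hypothetical data, shaped like the fields the
# rules filter on): eleven high-impact SQL injections, one low-impact SQL
# injection, and one medium-impact XSS finding.
FINDINGS: List[Dict[str, str]] = [
    {"severity": "SEVERITY_HIGH_IMPACT", "type": "SQL Injection", "owasp_category": "a1-injection"}
    for _ in range(11)
] + [
    {"severity": "SEVERITY_LOW_IMPACT", "type": "SQL Injection", "owasp_category": "a1-injection"},
    {"severity": "SEVERITY_MEDIUM_IMPACT", "type": "Cross-Site Scripting", "owasp_category": "a7-xss"},
]

FILTER_KEYS = ("severity", "type", "owasp_category")


def finding_matches(rule: Dict[str, Any], finding: Dict[str, str]) -> bool:
    """A finding matches a rule when it satisfies every filter the rule sets."""
    for key in FILTER_KEYS:
        allowed = rule.get(key)
        if allowed and finding.get(key) not in allowed:
            return False
    return True


def evaluate_rule(rule: Dict[str, Any], findings: List[Dict[str, str]]) -> Dict[str, Any]:
    """Count the findings a rule selects and decide whether it fails the build."""
    matched = sum(1 for f in findings if finding_matches(rule, f))
    threshold = int(rule.get("threshold", 0))  # page: default 0 fails on any finding
    return {
        "id": rule.get("id", "<unnamed rule>"),
        "matched": matched,
        "threshold": threshold,
        "failed": matched > threshold,
    }


def evaluate_build(rules: List[Dict[str, Any]], findings: List[Dict[str, str]]) -> Tuple[bool, List[Dict[str, Any]]]:
    """Return (build_passes, per-rule results). Any failing rule fails the build."""
    results = [evaluate_rule(rule, findings) for rule in rules]
    return not any(r["failed"] for r in results), results


if __name__ == "__main__":
    passed, results = evaluate_build(BUILD_RULES, FINDINGS)
    for r in results:
        state = "FAIL" if r["failed"] else "ok"
        print(f"{state:4} {r['id']}: {r['matched']} matching finding(s), threshold {r['threshold']}")
    print("build", "passed" if passed else "failed")
```

Run as a script, the first rule fails (11 matching findings against a threshold of 10) while the second passes (1 low-impact finding against a threshold of 100), so the build fails overall. Dropping threshold from a rule shows the page's default in action: with threshold 0 a single matching finding is enough to fail.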