Commit 4b0dfa6

docs(coderabbit): add optional external tools note and IaC review paths
- Recommend enabling gitleaks, semgrep, checkov in CodeRabbit UI
- Add IaC/container/K8s review instructions under path_instructions
- Keep path fields as strings to satisfy linter
1 parent f50bf37 commit 4b0dfa6

1 file changed: +76 -0 lines changed

.coderabbit.yaml

Lines changed: 76 additions & 0 deletions
@@ -6,6 +6,9 @@ tone_instructions: "Professional tone focusing on security, performance, code qu
66

77
# Review configuration
88
reviews:
9+
# Optional: Consider enabling additional external review tools in CodeRabbit UI
10+
# such as gitleaks (secrets scanning), semgrep (SAST), and checkov (IaC scanning)
11+
# for broader security coverage. These are configured in the CodeRabbit UI, not here.
912
# Path filters for excluding files and directories
1013
path_filters:
1114
- "!**/*.pyc"
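Review bot: the new comment says gitleaks, semgrep and checkov are configured in the CodeRabbit UI rather than in this file, which leaves the repository with no versioned record of whether those scanners are actually enabled; if the configuration schema allows these tools to be declared in `.coderabbit.yaml`, declaring them here (including the rules file for semgrep, if one is used) makes the setting reviewable and reproducible across forks, and if it does not, the comment should state that the tools are required rather than `Consider enabling` and name who owns the UI setting. The three comment lines also sit between `reviews:` and `path_filters:`, where a reader skimming for filters may take them as documenting the filters; placing them above the `reviews:` key with the other file-level comments keeps the two concerns apart.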
@@ -58,6 +61,79 @@ reviews:
5861
- Dependabot configuration
5962
- Security scanning setup
6063
64+
# Infrastructure as Code and containerization
65+
- path: "**/*.tf"
66+
instructions: |
67+
Focus on:
68+
- IaC security and misconfigurations (least privilege, restricted policies)
69+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
70+
- Container best practices (non-root user, slim base images, healthchecks)
71+
- Network exposure and port/security group rules
72+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
73+
74+
- path: "**/Dockerfile"
75+
instructions: |
76+
Focus on:
77+
- IaC security and misconfigurations (least privilege, restricted policies)
78+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
79+
- Container best practices (non-root user, slim base images, healthchecks)
80+
- Network exposure and port/security group rules
81+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
82+
83+
- path: "**/Dockerfile.*"
84+
instructions: |
85+
Focus on:
86+
- IaC security and misconfigurations (least privilege, restricted policies)
87+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
88+
- Container best practices (non-root user, slim base images, healthchecks)
89+
- Network exposure and port/security group rules
90+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
91+
92+
- path: "**/docker-compose.yml"
93+
instructions: |
94+
Focus on:
95+
- IaC security and misconfigurations (least privilege, restricted policies)
96+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
97+
- Container best practices (non-root user, slim base images, healthchecks)
98+
- Network exposure and port/security group rules
99+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
100+
101+
- path: "**/docker-compose.*.yml"
102+
instructions: |
103+
Focus on:
104+
- IaC security and misconfigurations (least privilege, restricted policies)
105+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
106+
- Container best practices (non-root user, slim base images, healthchecks)
107+
- Network exposure and port/security group rules
108+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
109+
110+
- path: "helm/**/*"
111+
instructions: |
112+
Focus on:
113+
- IaC security and misconfigurations (least privilege, restricted policies)
114+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
115+
- Container best practices (non-root user, slim base images, healthchecks)
116+
- Network exposure and port/security group rules
117+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
118+
119+
- path: "k8s/**/*"
120+
instructions: |
121+
Focus on:
122+
- IaC security and misconfigurations (least privilege, restricted policies)
123+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
124+
- Container best practices (non-root user, slim base images, healthchecks)
125+
- Network exposure and port/security group rules
126+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
127+
128+
- path: "kubernetes/**/*"
129+
instructions: |
130+
Focus on:
131+
- IaC security and misconfigurations (least privilege, restricted policies)
132+
- Safe defaults (no hard-coded secrets, pinned images, versioned modules)
133+
- Container best practices (non-root user, slim base images, healthchecks)
134+
- Network exposure and port/security group rules
135+
- Kubernetes/Helm best practices (resource limits, probes, RBAC)
136+
61137
# Documentation (markdown files in root and docs directory)
62138
- path: "**/*.md"
63139
instructions: |
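Review bot: the same seven-line `Focus on:` block is pasted verbatim into all eight new path entries, so `**/*.tf` is told to check `Kubernetes/Helm best practices (resource limits, probes, RBAC)` and `**/Dockerfile` to check `Network exposure and port/security group rules`, which dilutes the guidance for every file type; either tailor each list to its path (Terraform: IAM policy scope, provider and module pinning, state handling; Dockerfile: non-root user, pinned base image, no secrets in layers; Helm/Kubernetes: securityContext, resource limits, probes, RBAC) or, if the YAML loader accepts anchors, define the block once with `instructions: &iac_instructions |` and reuse it via `instructions: *iac_instructions`, which still leaves every `path` value a plain string as the commit message requires. The compose globs `**/docker-compose.yml` and `**/docker-compose.*.yml` also miss `docker-compose.yaml` and the Compose v2 default names `compose.yml` and `compose.yaml`, so those files would receive no IaC instructions at all.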