Skip to content

enhancement(ruleset): add support for category-level ruleset expansion with docker/all syntax #471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shivasurya merged 2 commits into from
Jan 19, 2026
Merged

enhancement(ruleset): add support for category-level ruleset expansion with docker/all syntax #471

shivasurya merged 2 commits into from
Jan 19, 2026

Conversation

@shivasurya
Copy link
Owner

@shivasurya shivasurya commented Jan 19, 2026

Why This Change?

Users currently must manually specify each bundle individually when they want to run all rules for a technology:

--ruleset docker/security --ruleset docker/best-practice --ruleset docker/performance

This is tedious and error-prone. Users want a simple way to run ALL rules for a category with a single flag.

Summary of Changes

New Feature: Support category/all syntax (e.g., docker/all, python/all) to automatically expand to all bundles in that category.

Implementation:

  • Added ManifestProvider interface for testability and dependency injection
  • Updated ParseSpec() to detect "all" keyword → converts to internal marker "*"
  • Added GetAllBundleNames() helper to Manifest for retrieving all bundle names
  • Extracted expandBundleSpecs() function with interface-based design for easy testing
  • Added 11 comprehensive mock-based unit tests achieving 100% code coverage

Usage Examples:

# Run all docker rules (security, best-practice, performance)
pathfinder scan --ruleset docker/all --project .

# Run all python rules
pathfinder scan --ruleset python/all --project .

# Mix category-level + specific bundles
pathfinder scan --ruleset docker/all --ruleset python/django --project .

Testing:

  • ✅ All tests pass (24 Go packages, 300 Python tests)
  • ✅ 100% code coverage for new functions
  • ✅ Build and lint successful (0 issues)
  • ✅ Mock-based unit tests (no integration tests)

Files Changed: 7 files, +353 lines

@shivasurya @claude
enhancement(ruleset): add support for category-level ruleset expansio…
68709ba 
…n with docker/all syntax

Add support for `docker/all` syntax to automatically expand to all bundles
in a category, eliminating the need to manually specify each bundle.

Changes:
- Add ManifestProvider interface for dependency injection and testing
- Update ParseSpec() to detect "all" keyword and mark for expansion
- Add GetAllBundleNames() helper to Manifest for bundle listing
- Extract expandBundleSpecs() function with interface-based design
- Add 11 comprehensive mock-based unit tests with 100% code coverage
- Support mixed usage: --ruleset docker/all --ruleset python/django

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
@shivasurya shivasurya added the enhancement New feature or request label Jan 19, 2026
@shivasurya shivasurya self-assigned this Jan 19, 2026
@safedep
Copy link

safedep bot commented Jan 19, 2026
edited
Loading

SafeDep Report Summary

Green Malicious Packages Badge Green Vulnerable Packages Badge Green Risky License Badge

No dependency changes detected. Nothing to scan.

This report is generated by SafeDep Github App

@codecov
Copy link

codecov bot commented Jan 19, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 85.36585% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.25%. Comparing base (8f77843) to head (75f9f66).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
sast-engine/cmd/scan.go 76.92% 6 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #471      +/-   ##
==========================================
+ Coverage   80.24%   80.25%   +0.01%     
==========================================
  Files          99       99              
  Lines       10953    10992      +39     
==========================================
+ Hits         8789     8822      +33     
- Misses       1813     1819       +6     
  Partials      351      351

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@shivasurya shivasurya merged commit e7ee09b into main Jan 19, 2026
7 checks passed
@shivasurya shivasurya deleted the feature/ruleset-all-keyword branch January 19, 2026 01:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@shivasurya shivasurya

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shivasurya