Add prodsec-recommended CodeRabbit security rules#16
Conversation
Adopts the security configuration from openshift/coderabbit#17 which adds Red Hat Product Security recommended review rules, path-specific security instructions, security scanner tooling, and knowledge base indexing. Adds: - Global review instructions (secrets, crypto, injection, container privileges, sensitive logging, AI attribution) - 18 path-specific security review blocks (injection, web, crypto, containers, K8s/OpenShift, MCP, agents, LLM, supply chain, CI/CD, auth, API gateway, Go, C/C++, database, messaging, model registry) - Security scanners: gitleaks, semgrep, checkov, hadolint, trivy, osvScanner, actionlint, ast-grep - Knowledge base auto-indexing of AGENTS.md, CLAUDE.md, CONTRIBUTING.md - Additional path_filters for node_modules, dist, minified JS, yarn.lock Co-authored-by: Cursor <cursoragent@cursor.com>
Noise reduction — disable defaults that add clutter without value: - in_progress_fortune, suggested_labels, suggested_reviewers, estimate_code_review_effort, related_prs - finishing_touches for docstrings and unit_tests (prevents CodeRabbit from opening follow-up PRs) Useful additions: - language: en-US, early_access: true - tone_instructions: direct and concise, focus on bugs/security - high_level_summary_in_walkthrough: true - enable_prompt_for_ai_agents: true (AI-friendly inline prompts) - knowledge_base.jira: auto (cross-reference Jira issues) - knowledge_base.linked_repositories: sandbox repo for cross-repo dependency awareness - tools: shellcheck, golangci-lint, yamllint (language-specific linters) Co-authored-by: Cursor <cursoragent@cursor.com>
- Use recursive glob patterns (**/node_modules/**, **/dist/**, **/*.min.js, **/yarn.lock) so nested projects are covered - Add Cargo.lock to the supply-chain path_instructions glob alongside Cargo.toml for consistency Co-authored-by: Cursor <cursoragent@cursor.com>
onmete
force-pushed
the
chore/prodsec-coderabbit-config
branch
from
c14af6a to
d725068
Compare
|
Warning Review limit reached
More reviews will be available in 36 minutes and 15 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@onmete: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
1 participant
Summary
Test plan
Made with Cursor