rhel-lightspeed/coderabbit
RHEL Lightspeed CodeRabbit Configuration

Organization-wide CodeRabbit configuration for the rhel-lightspeed GitHub organization.

Security rules are adapted from RedHatProductSecurity/prodsec-skills.

How it works

Repositories without their own `.coderabbit.yaml` automatically use this org-wide configuration. If a repository needs repo-specific settings, it must set `inheritance: true` in its `.coderabbit.yaml` to merge with these defaults:

```yaml
inheritance: true
```

Without `inheritance: true`, a repo-level config fully replaces the org defaults.
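As an added example (not a file from this repository), a repo-level `.coderabbit.yaml` that keeps the org-wide scanners and hard gates and layers one repo-specific review instruction on top; the `reviews.path_instructions` keys are assumed to follow CodeRabbit's configuration schema, and the path glob and instruction text are constructed:

```yaml
# Repo-level .coderabbit.yaml (example, not part of rhel-lightspeed/coderabbit).
# With inheritance enabled this file is merged into the org-wide defaults;
# without it, the org-wide scanners and pre-merge checks would be dropped.
inheritance: true

reviews:
  # Assumed CodeRabbit schema: a list of {path, instructions} entries.
  # Constructed example: extra scrutiny for shell scripts in this repo only.
  path_instructions:
    - path: "scripts/**/*.sh"
      instructions: |
        Flag unquoted variable expansions, use of eval, and curl-pipe-to-shell
        patterns. Require `set -euo pipefail` at the top of every script.
```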

What's included

  • Profile: assertive with request_changes_workflow enabled
  • Security scanners: gitleaks, semgrep, checkov, hadolint, trivy, osvScanner, actionlint, ast-grep
  • Pre-merge checks (hard gates): no hardcoded secrets, no weak crypto, no injection vectors, container privilege escalation, no sensitive data in logs, AI attribution
  • Path instructions covering: injection prevention, web/frontend security, cryptography, container hardening, Kubernetes/OpenShift manifests, MCP server/client security, inference engine security, agent security, LLM interaction security, supply chain, CI/CD, authentication/OAuth, API gateway, Go, C/C++, database security, messaging, model registry
