Ruleset

The ruleset component is a central part of the SCCCE system. A ruleset contains a set of rules that can be run to analyze a project and enforce security policies in it. It allows users to define, organize, and apply sets of rules to ensure compliance and security within their cloud infrastructure.

[Screenshot: ruleset editor page]

Key Features

  • Rule Management: Create, update, and delete rules within a ruleset.
  • Rule Application: Apply rulesets to specific projects.
  • Integration: Integrates with other components, such as scan and analyserJob, to enforce security policies.

Structure

The ruleset component is structured to provide flexibility and scalability. It is designed to handle multiple rules and apply them efficiently across different projects.

Entity Relationships

  • Project: A project can apply multiple rulesets.
  • Rule: A ruleset contains multiple rules.
  • AnalyserJob: Uses rulesets to analyze and enforce security policies.

Create a new ruleset

There are two ways to create a new ruleset:

  1. Create a new ruleset from the Ruleset Editor page
  2. Import a ruleset from a JSON file

Create a new ruleset from the Ruleset Editor page

A new ruleset can be created by clicking the "New Ruleset" button in the sidebar.

[Screenshot: new ruleset dialog]

After the ruleset is created, you can start to add rules to it.

[Screenshot: edit ruleset]

Import a ruleset from a JSON file

You can import a ruleset from a JSON file by clicking the "Import Ruleset" button on the Ruleset Editor page.

[Screenshot: import ruleset]

After the ruleset is imported, it appears in the list on the Ruleset Editor page.

tip

You can download the ruleset schema from here.

Create and Edit Rules

Each rule must be part of a ruleset. You can create a new rule by clicking the "New Rule" button on the Ruleset Editor page.

[Screenshot: new rule]

A rule contains the following fields:

  • Name: The name of the rule
  • Description: A description of what the rule checks
  • Remediation: The remediation steps for a finding raised by the rule
  • Applicable Cloud Platforms: The cloud platforms that the rule applies to
  • Scripts: The scripts that implement the rule
    • Each script is a JavaScript or TypeScript file that implements the rule logic
    • Each script targets one specific cloud platform
    • If a rule applies to multiple cloud platforms, you need to create one script for each cloud platform

tip

You can test the script by loading test data from one of your projects using the "Select Project" dropdown within the script editor dialog.

Details of writing rules can be found in the Advanced Guide.
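The following is an added example, not code from the SCCCE project, that illustrates the relationships described above: a project applies one or more rulesets, each rule lists its applicable platforms, and a rule that applies to several platforms carries one script per platform. The object shape, the script signature (a function receiving that platform's resources and returning the IDs that violate the rule), and the sample project data are all constructed assumptions for illustration; the real ruleset schema and script API are defined by the downloadable schema and the Advanced Guide.

```javascript
// Added illustration of the ruleset / rule / project relationships.
// Object shape, script signature and sample data are assumptions, not the SCCCE schema.

// Constructed sample project: an inventory of resources across two platforms.
const sampleProject = {
  name: "demo-project",
  platforms: ["aws", "gcp"],
  resources: [
    { platform: "aws", type: "s3_bucket", id: "logs", publicRead: true },
    { platform: "aws", type: "s3_bucket", id: "private", publicRead: false },
    { platform: "gcp", type: "gcs_bucket", id: "public-assets", iamAllUsers: true },
  ],
};

// A ruleset with one rule that applies to two platforms, so it carries two scripts.
// Each script (assumed signature) receives only that platform's resources and
// returns the IDs of resources that violate the rule.
const storageRuleset = {
  name: "storage-baseline",
  rules: [
    {
      name: "no-public-buckets",
      description: "Object storage buckets must not grant anonymous read access.",
      remediation: "Remove public ACLs or allUsers bindings and block public access on the bucket.",
      platforms: ["aws", "gcp"],
      scripts: {
        aws: (resources) =>
          resources.filter((r) => r.type === "s3_bucket" && r.publicRead).map((r) => r.id),
        gcp: (resources) =>
          resources.filter((r) => r.type === "gcs_bucket" && r.iamAllUsers).map((r) => r.id),
      },
    },
  ],
};

// Structural check a ruleset importer would want: every required field is present,
// every listed platform has a script, and no script exists for an unlisted platform.
function validateRuleset(ruleset) {
  const errors = [];
  if (!ruleset.name) errors.push("ruleset has no name");
  for (const rule of ruleset.rules || []) {
    for (const field of ["name", "description", "remediation"]) {
      if (!rule[field]) errors.push(`rule ${rule.name || "?"} is missing ${field}`);
    }
    const platforms = rule.platforms || [];
    const scripted = Object.keys(rule.scripts || {});
    for (const p of platforms) {
      if (!scripted.includes(p)) errors.push(`rule ${rule.name} has no script for ${p}`);
    }
    for (const p of scripted) {
      if (!platforms.includes(p)) errors.push(`rule ${rule.name} has a script for unlisted platform ${p}`);
    }
  }
  return errors;
}

// Apply several rulesets to one project: a rule runs only on platforms the project
// actually uses, and each finding carries the remediation text for the report.
function applyRulesets(project, rulesets) {
  const findings = [];
  for (const ruleset of rulesets) {
    const errors = validateRuleset(ruleset);
    if (errors.length > 0) {
      throw new Error(`invalid ruleset ${ruleset.name}: ${errors.join("; ")}`);
    }
    for (const rule of ruleset.rules) {
      for (const platform of rule.platforms) {
        if (!project.platforms.includes(platform)) continue;
        const scoped = project.resources.filter((r) => r.platform === platform);
        for (const resourceId of rule.scripts[platform](scoped)) {
          findings.push({
            ruleset: ruleset.name,
            rule: rule.name,
            platform,
            resourceId,
            remediation: rule.remediation,
          });
        }
      }
    }
  }
  return findings;
}

// Example run: two findings, one per platform, for the constructed project.
const sampleFindings = applyRulesets(sampleProject, [storageRuleset]);
console.log(JSON.stringify(sampleFindings, null, 2));
```

The validator is the part worth keeping in mind when importing rulesets from JSON: a rule that declares a platform without a matching script would silently skip that platform at scan time, so rejecting it at import is safer than discovering the gap in a report.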

Export a ruleset

You can export a ruleset to a JSON file by clicking the "Export" button on the Ruleset Editor page.

API Reference

See Ruleset API Reference and Rule API Reference for more details.