To ensure consistency and usability, we follow the contribution guidelines from Semgrep OSS Rules for writing rules (archived version).

In particular, and in addition to those guidelines:

- The directory structure is the following: `<language-name>/<framework>/<category>[/subcategory]/<rule-id>.yaml`
- The rule ID (`rules[*].id`) should be unique and descriptive: it should be possible to understand what the rule does without reading its description.
- Tests are required for every rule.
- We strongly encourage including a rationale and a longer description at the top of the YAML file (using YAML comments, i.e. `# <my comment>`) to help both the users who will run the rules and the maintainers.
- We encourage adding references (`rules[*].metadata.references`) so that users can easily find related and reliable resources.
- The `README.md` document should be updated whenever a rule is added.
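As an added illustration (constructed for this page, not a rule from the Semgrep OSS Rules repository or from this project), here is a hypothetical rule `flask-run-debug-enabled` laid out the way the points above ask for: stored at `python/flask/security/flask-run-debug-enabled.yaml`, with the rationale in a leading YAML comment and sources under `metadata.references`.

```yaml
# python/flask/security/flask-run-debug-enabled.yaml
#
# Rationale (constructed example):
# Calling `app.run(debug=True)` enables Flask's interactive Werkzeug
# debugger. If an application is deployed that way, anyone who can reach
# an error page gets a console that executes Python on the server.
# This rule flags call sites where debug mode is hard-coded to True so
# reviewers can confirm the setting never reaches a production build.
rules:
  - id: flask-run-debug-enabled
    patterns:
      # Match `<anything>.run(...)` with a literal `debug=True` keyword,
      # regardless of the other arguments' positions.
      - pattern: $APP.run(..., debug=True, ...)
    message: >-
      Flask is started with debug=True, which exposes the interactive
      debugger and allows code execution from the browser. Disable debug
      mode outside local development, e.g. by reading it from the
      environment instead of hard-coding it.
    languages: [python]
    severity: WARNING
    metadata:
      category: security
      references:
        - https://flask.palletsprojects.com/en/latest/debugging/
```

The accompanying test file `flask-run-debug-enabled.py` lives next to the rule and marks lines with `# ruleid: flask-run-debug-enabled` (must match) and `# ok: flask-run-debug-enabled` (must not match), so `semgrep --test` can check both the true positive and the non-finding.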