Configuring a Custom Rule Set
CodeArts Check supports custom rule sets. Each rule set must contain at least one rule.
A rule set can be configured with only one language.
Constraints
Constraints on custom rule sets:
- Purchase the code security check enhancement package as required before using CodeArts Check. This package identifies code security risks and vulnerabilities more comprehensively for Java, C++, Go, and Python.
- The language set in a custom rule set cannot be modified.
- Only rule set creators can modify custom rule sets.
- Only rule set creators can delete custom rule sets.
- Preset rule sets and custom rule sets in use cannot be deleted.
- To delete a custom rule set being used by a code check task, you can either delete the task or assign another rule set to the task.
Constraints on custom rules:
- For details about the number of supported custom rules, see CodeArts Check Specifications.
- Lines of code (LOC) scanned by a rule set that contains only custom rules: max. 100,000.
- Duration per code check task with 100,000 LOC scanned by a rule set that contains only custom rules: max. 1.5 hours.
- Only the te_admin account and rule creators can edit and delete custom rules.
Video Tutorial
This video demonstrates how to use a custom rule set to check code from CodeArts Repo.
Video Tutorial
This video demonstrates how to use a custom rule to check code from CodeArts Repo.
Customizing a Rule Set
- Access CodeArts Check.
- Click the Rule Sets tab.
- Click Create Rule Set. In the displayed dialog box, enter a rule set name and description, and select a language and creation mode.
The options of creation mode are as follows:
- Directly: Create an empty rule set. All rules need to be selected one by one.
- Copy: Copy an existing rule set by selecting it from the Replicated in drop-down list.
- Inherit: In the Inherit from area, select a rule set from the drop-down list to inherit all rules. You can add up to 5 rule sets.
If conflicts exist, rule sets with higher priority are used. A smaller value indicates a higher priority. For example, if the rules in the second rule set conflict with those in the first rule set, the rules in the first rule set take precedence.
- Click Confirm.
- Select rules, set Issue Level, and click Save in the upper right corner.
Create custom rules if needed.
Deleting a Custom Rule Set
- From the service portal:
- Access CodeArts Check from the service portal.
- Choose .
- Click the icon in the row where the rule set is located to delete the custom rule set.
- From the project list:
On the custom rule set list page, click the icon in the row where the rule set is located and click Delete to delete the custom rule set.
Using a Custom Rule Set
- Go to the task details page, and choose Settings > Rule Sets.
- If any changes are made to the code repository after you create a code check task, click the icon in the Languages Included row to re-obtain the target language, and enable the switch for the language.
- Click the icon to select the created custom rule set.
Customizing a Rule
- Click the Rules tab.
- Choose . Then set parameters by referring to Table 1.

Table 1 Rule parameters

| Parameter | Description | Mandatory |
| --- | --- | --- |
| Rule Name | Custom rule name. It can be customized. Letters, digits, periods (.), underscores (_), and hyphens (-) allowed. 1 to 255 characters. | Yes |
| Tool Rule Name | The value is automatically filled based on the file name of the uploaded rule source code file and cannot be modified. | Yes |
| Tool | Check tool used by a custom rule. Currently, only SecBrella is supported. | Yes |
| Language | Language checked by a custom rule. Currently, only Java and ArkTS are supported. | Yes |
| Source Code | Rule source code file. Create a .kirin file, create a domain-specific language (DSL) for rules, run the local plug-in to generate a SecH_Rule name.json file in the OutputReport directory, and upload the .json file. | Yes |
| Severity | Severity of a code issue detected by a rule. The value can be Critical, Major, Minor, or Suggestion. | Yes |
| Tag | Rule tag for different scenarios. Use commas (,) to separate multiple tags. | No |
| Description | Rule description. The content can contain code in Markdown. Max. 10,000 characters. | Yes |
| Compliant Example | Compliant code example. The content contains code in Markdown. Max. 10,000 characters. | No |
| Noncompliant Example | Noncompliant code example. The content contains code in Markdown. Max. 10,000 characters. | No |
| Fix Suggestions | Issue fixing suggestions. The content can contain code in Markdown. Max. 10,000 characters. | No |

- Click Create Rule.
Importing Custom Rules in Batches
Batch rule import is a restricted function. To use this function, contact technical support.
- Click the Rules tab.
- Choose . In the displayed dialog box, download the rule import template.
Figure 1 Importing rules
- After filling in the rule information according to the template requirements, click the icon and select the file for rule import.
- Click Confirm.
Related Operations
- For details about APIs related to rule sets, see Rule Management, Querying Selected Rule Sets of a Task (Version 2), Querying Selected Rule Sets of a Task (Version 3), Querying the Check Parameters of a Rule Set (Version 2), Querying the Check Parameters of a Rule Set (Version 3), and Modifying the Rule Set in a Task.
- For details about the best practices of custom rules and rule sets, see Checking Code from CodeArts Repo with Custom Rules.