What qualifies as a GuardRails issue?
Our vision is to make security available for all. As part of that, the biggest problem to tackle, besides making security accessible, is making security relevant and actionable. Security tools are designed to identify all patterns that may cause security issues, no matter how low the potential impact. This creates a big hurdle for developers who are not security experts, because they have to work out which issues are relevant and which aren't.
We at GuardRails spend a tremendous amount of time tuning the rules, improving them, and making sure the number of false positives keeps getting closer to 0. GuardRails issues are security issues that have a high impact if exploited by attackers. This means issues that cause the targeted application to stop working (Denial of Service), allow attackers to get full access to user data, or allow attackers to take over the application.
For that reason, GuardRails may be perceived as "quiet".
Our goal is to not bother people with security, unless it is absolutely necessary to take immediate action.
Getting Started with GuardRails
GuardRails is all about providing a great Developer Experience, and getting started is very easy. For our cloud-based offering you can get started in minutes. Select below for specific instructions on how to get started on a specific platform: ...
What languages does GuardRails support?
When does GuardRails comment on a PR/MR?
By default, GuardRails only comments on a Pull Request/Merge Request if security issues have been identified in the changed lines of code. However, GuardRails can be configured to create PR/MR comments for security issues in: All Files All Changed ...
The GuardRails product documentation is managed on a separate portal. You can browse the documentation there, or go straight to these popular sections: What is GuardRails, Getting Started, Configuration, Vulnerability Descriptions, Security.