Rules Command
The `rules` command allows you to manage rule sets used by RootCause for code analysis. Rules are stored in the `~/.config/rootcause/rules` directory by default.
```
$>rootcause rules help
Manage security rules and rule sets

Usage: rootcause rules <COMMAND>

Commands:
  verify   Verify that rules are correctly formatted
  inspect  Inspect a specific rule or all rules from a file
  install  Install a ruleset from a tarball
  update   Update installed rulesets
  remove   Remove an installed ruleset
  list     List installed rulesets
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help
```
```
$>rootcause rules list
[LIST] Listing installed rulesets...
Official RootCause Rules
  └─ Name: Official RootCause Rules
  └─ Author: RootCause Team
  └─ Version: 1.0.0
  └─ Origin: https://github.com/rootcause/rules
  └─ Folder: /home/rootcause-admin/.config/rootcause/rules/official
[SUCCESS] Found 1 ruleset(s)
```
Rules Location
By default, RootCause looks for rules in:
- `~/.config/rootcause/rules` (Linux/macOS)
- `%APPDATA%\rootcause\rules` (Windows)

You can specify additional directories in the `config.toml` configuration file:

```toml
[rules]
rule_dirs = [
    "/home/user/.config/rootcause/rules",
    "./custom-rules"
]
```
Supported Rule Formats
RootCause supports multiple rule formats:
- YAML: Primary format for configuration and code rules
- JSON: Alternative format for rules
- Semgrep: Compatible with Semgrep rules
- OPA WASM: WASM modules for complex rules
Workflow Examples
Install and Use a Rule Set
```bash
# 1. Install security rule set
rootcause rules install https://github.com/security/rules/releases/latest/download/security.tar.gz

# 2. Verify it was installed correctly
rootcause rules list

# 3. Verify the rules
rootcause rules verify ~/.config/rootcause/rules

# 4. Inspect a specific rule
rootcause rules inspect py.subprocess-shell

# 5. Use the rules in a scan
rootcause scan .  # Rules are installed so they are always used
```
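Step 1 above pulls a `latest` tarball from a URL, so the content behind it can change between runs. As an added example (not RootCause code), this Python script checks a downloaded ruleset archive against a pinned SHA-256 and reports members that would land outside the install directory. The function names and the sample archive are constructed for illustration, and how the vetted file is then handed to `rootcause rules install` is not covered by this page.

```python
import hashlib
import io
import tarfile
from pathlib import PurePosixPath


def vet_ruleset_tarball(data, pinned_sha256):
    """Return a list of problems; an empty list means the archive passed."""
    digest = hashlib.sha256(data).hexdigest()
    if digest != pinned_sha256.lower():
        return [f"sha256 mismatch: got {digest}"]  # do not parse unverified bytes
    problems = []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
            for member in tar:  # metadata only, nothing is extracted
                path = PurePosixPath(member.name)
                if path.is_absolute() or ".." in path.parts:
                    problems.append(f"path escapes install dir: {member.name}")
                elif member.issym() or member.islnk():
                    problems.append(f"link member: {member.name} -> {member.linkname}")
                elif not (member.isfile() or member.isdir()):
                    problems.append(f"special file: {member.name}")
    except (tarfile.TarError, OSError, EOFError) as exc:
        problems.append(f"not a readable gzip tarball: {exc}")
    return problems


def build_tarball(members):
    """Build a constructed .tar.gz in memory from (name, kind, payload) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type, info.linkname = tarfile.SYMTYPE, payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one harmless file and two members that must be rejected.
    bad = build_tarball([("official/readme.txt", "file", "placeholder\n"),
                         ("../../outside.txt", "file", "placeholder\n"),
                         ("official/link", "symlink", "/etc/passwd")])
    for problem in vet_ruleset_tarball(bad, hashlib.sha256(bad).hexdigest()):
        print("REJECT:", problem)
```

Record the pinned digest when a ruleset release is first reviewed, and treat any later mismatch as a changed artifact that needs re-review.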
Update Existing Rules
```bash
# Update all rules
rootcause rules update

# Or update a specific one
rootcause rules update security-rules
```
Manage Custom Rules
```bash
# 1. Create directory for custom rules
mkdir ./my-custom-rules

# 2. Create rules in YAML format
# (see rules documentation for format)

# 3. Verify custom rules
rootcause rules verify ./my-custom-rules

# 4. Use in scan
rootcause scan . --rules ./my-custom-rules
```