|
{ |
|
"code_standards": [ |
|
{ |
|
"category": "Security", |
|
"standards": [ |
|
{ |
|
"rule_id": "SEC001", |
|
"description": "Avoid hard-coded secrets such as passwords and API keys; load them from a secure secret store at runtime instead of embedding them in the code." |
|
}, |
|
{ |
|
"rule_id": "SEC002", |
|
"description": "Sanitize and quote every variable interpolated into a shell command to prevent command injection, and prefer a purpose-built module over a raw shell command where one exists." |
|
}, |
|
{ |
|
"rule_id": "SEC003", |
|
"description": "Restrict sensitive tasks with role-based access control so that only authorized principals can run them." |
|
}, |
|
{ |
|
"rule_id": "SEC004", |
|
"description": "Ensure secrets are encrypted at rest and in transit, and are read only when and where they are actually needed." |
|
}, |
|
{ |
|
"rule_id": "SEC005", |
|
"description": "Review the security of the business logic, ensuring that critical automation tasks neither expose nor misuse sensitive information." |
|
} |
|
] |
|
}, |
|
{ |
|
"category": "Idempotency", |
|
"standards": [ |
|
{ |
|
"rule_id": "IDP001", |
|
"description": "Ensure tasks are idempotent (for example, use 'state: present' for package installation) so that re-running a playbook does not repeat actions or change the result." |
|
}, |
|
{ |
|
"rule_id": "IDP002", |
|
"description": "Generate all configuration files from templates so that their output is consistent and predictable across multiple runs." |
|
} |
|
] |
|
}, |
|
{ |
|
"category": "Best Practices", |
|
"standards": [ |
|
{ |
|
"rule_id": "BP001", |
|
"description": "Use standard modules for common tasks, such as 'apt' for package management and 'user' for managing users." |
|
}, |
|
{ |
|
"rule_id": "BP002", |
|
"description": "Use variables for values that are subject to change, ensuring maintainability and readability of the code." |
|
}, |
|
{ |
|
"rule_id": "BP003", |
|
"description": "Include meaningful task names for all Ansible tasks, making playbooks self-documenting." |
|
} |
|
] |
|
}, |
|
{ |
|
"category": "Readability", |
|
"standards": [ |
|
{ |
|
"rule_id": "RD001", |
|
"description": "All significant tasks must have clear and descriptive comments to explain their purpose." |
|
}, |
|
{ |
|
"rule_id": "RD002", |
|
"description": "Use meaningful variable names that convey their purpose clearly, so that future developers can understand the code easily." |
|
}, |
|
{ |
|
"rule_id": "RD003", |
|
"description": "Ensure proper formatting and indentation for better readability and adherence to Ansible's YAML syntax rules." |
|
} |
|
] |
|
}, |
|
{ |
|
"category": "Business Logic Security", |
|
"standards": [ |
|
{ |
|
"rule_id": "BLS001", |
|
"description": "Verify that business logic automation does not inadvertently alter data integrity or bypass critical business validations." |
|
}, |
|
{ |
|
"rule_id": "BLS002", |
|
"description": "Ensure every critical path in a business process has appropriate error handling and produces audit logs." |
|
}, |
|
{ |
|
"rule_id": "BLS003", |
|
"description": "Critical business operations must include validations to prevent data loss or unauthorized modification." |
|
} |
|
] |
|
} |
|
] |
|
} |
|
|