[K9VULN-11777] Add summarized legacy config doc #856
Pull request overview
Adds a standalone documentation page capturing the legacy static-analysis.datadog.{yml,yaml} configuration format so it can be referenced externally while the project transitions to the newer config schema.
Changes:
- Added `doc/legacy_config.md` describing the legacy configuration file schema and semantics.
- Included annotated YAML examples demonstrating legacy ruleset/rule configuration and path filtering.
| - `rulesets`: (required) a list with all the rulesets to use for this repository (see [Datadog Documentation](https://docs.datadoghq.com/security/code_security/static_analysis/static_analysis_rules/) for a full list). The elements of this list must be strings or maps containing a configuration for a ruleset (described below.) | ||
| - `ignore`: (optional) a list of path prefixes and glob patterns to ignore. A file that matches any of its entries will not be analyzed. | ||
| - `only`: (optional) a list of path prefixes and glob patterns to analyze. If `only` is specified, only files that match one of its entries will be analyzed. | ||
| - `ignore-gitignore`: (optional) by default, any entries found in the `.gitignore` file are added to the `ignore` list. If the `ignore-gitignore` option is true, the `.gitignore` file is not read. |
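Review bot: The `ignore` and `only` entries do not say which one wins when a file matches both lists, and neither says how an entry is classified as a path prefix versus a glob pattern. A file excluded here is silently left unanalyzed, so state the precedence explicitly and show one prefix entry and one glob entry, so readers can check what their existing lists actually exclude.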
The legacy schema reference omits the `ignore-generated-files` top-level option, but the legacy config parser supports it (kebab-case field `ignore_generated_files`). This doc should list the option (and its default behavior) so users can discover how to include generated files when needed.
| - `ignore-gitignore`: (optional) by default, any entries found in the `.gitignore` file are added to the `ignore` list. If the `ignore-gitignore` option is true, the `.gitignore` file is not read. | |
| - `ignore-gitignore`: (optional) by default, any entries found in the `.gitignore` file are added to the `ignore` list. If the `ignore-gitignore` option is true, the `.gitignore` file is not read. | |
| - `ignore-generated-files`: (optional) by default, generated files are ignored and not analyzed. If the `ignore-generated-files` option is false, generated files will be included in the analysis. |
| @@ -0,0 +1,131 @@ | |||
| # Legacy Configuration File | |||
| The static analyzer has backwards-compatible support for the legacy `static-analysis.datadog.yml` configuration file, | |||
| which has a different schema and semantics than the current configuration schema (See: [Configuration file](https://github.com/DataDog/datadog-static-analyzer?tab=readme-ov-file#configuration-file)). | |||
The link to the current configuration schema uses a GitHub UI-specific query string (`?tab=readme-ov-file`), which is brittle and may not work in non-GitHub renderers. Prefer a repo-relative Markdown link to the relevant doc/section (e.g., README section anchor) so the reference remains stable.
| which has a different schema and semantics than the current configuration schema (See: [Configuration file](https://github.com/DataDog/datadog-static-analyzer?tab=readme-ov-file#configuration-file)). | |
| which has a different schema and semantics than the current configuration schema (See: [Configuration file](../README.md#configuration-file)). |
| The static analyzer has backwards-compatible support for the legacy `static-analysis.datadog.yml` configuration file, | ||
| which has a different schema and semantics than the current configuration schema (See: [Configuration file](https://github.com/DataDog/datadog-static-analyzer?tab=readme-ov-file#configuration-file)). | ||
|
|
||
| Users may continue to use their `static-analysis.datadog.yml` configuration file with no disruptions or behavior | ||
| changes. A migration tool will be provided in the future. |
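Review bot: Nothing in the opening paragraph says how the analyzer decides whether a configuration file is parsed under the legacy schema or the current one, or which takes effect when a repository contains both. Since the two are described as having "a different schema and semantics", add a sentence on detection and precedence so that rules or path filters a user believes are active cannot be read under the other schema without them noticing.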
This doc refers to the legacy config as `static-analysis.datadog.yml`, but the CLI loader accepts both `.yml` and `.yaml` extensions for the legacy config basename. Consider documenting both supported filenames to avoid confusing users who already use the `.yaml` variant.
Takes the current README.md and extracts it into a separate doc.
This will be linked to by #852