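# Commit-message gate for scanner suppressions: a change that introduces Trivy or
# Grype ignore rules (inline comments, ignore files, Grype config) must carry a
# `Sec-Ack-By:` trailer in the commit body.
[[assertions]]
alias = "preset_security_related_edits_mention"
description = "Require a security acknowledgement trailer when security ignore files or exclusions are added"
banner = "Security-related ignore changes require a Sec-Ack-By trailer in the commit body."
hint = "Add a trailer like: Sec-Ack-By: security-reviewer"
# Severity scale is defined by the consuming tool, not here — confirm 220 is the intended level.
severity = 220
[assertions.must_satisfy]
[assertions.must_satisfy.condition]
type = "msg_match_any"
mode = "body"
# Trailer must start a line of the body and carry a non-empty value (`\S+`).
# NOTE(review): the match is case-sensitive, so `sec-ack-by:` would not satisfy it;
# decide whether that strictness is intended.
patterns = ['(^|\n)Sec-Ack-By: \S+']
[assertions.skip_if]
[assertions.skip_if.condition]
# Reads as: skip this assertion when the raw diff matches none of the patterns
# below — confirm that semantics of `diff_match_none` against the assertion engine.
type = "diff_match_none"
mode = "raw"
patterns = [
    # Added lines carrying `trivyignore` / `trivy:ignore` (inline suppression comments).
    '(?m)^\+.*trivy:?ignore',
    # New-side file header for `.trivyignore` or its YAML form `.trivyignore.yaml`/`.yml`
    # (Trivy reads both). Matches any touched file, not only newly created ones.
    '(?m)^\+\+\+ b/.*\.trivyignore(?:\.ya?ml)?$',
    # New-side file header for a Grype config (`.grype.yaml`, `grype.yml`, or bare `grype`).
    '(?m)^\+\+\+ b/.*grype(?:\.ya?ml)?$',
]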