- Add only new files to git. Do not modify the existing staging unless explicitly required.
- Implement everything in pure Kotlin, making full use of IDE-assisted language features and inspections.
- Add inspection messages and tooltips to SecurityPluginBundle.properties.
- Create the inspection draft in the technology-specific folder under securityLinter.
- Add tests covering the inspection:
  - Example of a Docker inspection: DS003SshPortExposed.kt
  - Example of test data for Docker inspections: DS003
  - Example of extended test data with additional cases: DS029
- Create an inspection description in HTML using the same filename as the inspection class in inspectionDescriptions.
- Register the inspection in XML:
  - For YAML-based inspections: dev.protsenko.security-linter-yaml.xml
  - For general and Docker-based inspections: plugin.xml
- If the inspection validates Docker RUN commands, follow the rules defined in RunCommandValidator.kt.
- Register the required extension points in plugin.xml.
- If the inspection is YAML-based, use the bundled helper classes such as YamlPath.kt.
- Ensure that all tests pass.
- If the plugin version has not been updated in gradle.properties, update it.
- Update the changelog in CHANGELOG.md.
- Perform a full build and run the complete test suite for the plugin.
- All inspections must be registered and covered by tests.
- All inspections must leverage Kotlin and IDE capabilities effectively.
- All reusable helper utilities should be covered by JUnit 3 tests.
- All inspections must cover corner cases and include extended test scenarios.