---
title: "Configuring Rules in Exakat"
url: https://www.exakat.io/configuring-rules-in-exakat/
date: 2020-10-12
modified: 2020-10-12
author: "dams"
description: "Configuring Rules in Exakat Exakat default installation is tailored for discovery : it is made so as to give a broad view over the engine's possibilities. As your experience grows,..."
categories:
  - "Code auditing"
tags:
  - "configuration"
  - "Exakat"
  - "ignore_rules"
  - "project"
  - "rules"
  - "rulesets"
image: https://www.exakat.io/wp-content/uploads/2020/10/cone.320.jpg
word_count: 980
---

# Configuring Rules in Exakat

# Configuring Rules in Exakat

Exakat default installation is tailored for discovery : it is made so as to give a broad view over the engine's possibilities. As your experience grows, a more refined configuration is needed to adapt the results to the style of the development team. This tutorial helps your configuring rules in Exakat.

An Exakat analysis is called a rule. Rules are the atomic element of an audit. They provide all the necessary elements for tracking a bug, collecting context or documenting a piece of code. As their population is growing by the day, rules are grouped in rulesets.

There are three ways to change the rulesets in use : the `ignore_rules` directive, the target report, and the custom rulesets. Let's see how each of them works.

## The Reports

Let's start by the end : the report is the final form of the Exakat audit. It is where the issues that were detected are presented. There are over [30 types of reports](https://exakat.readthedocs.io/en/latest/Reports.html), published with Exakat : some reports are for humans, some are for machines.

Reports have two ways of operating : flexible, they work on any set of rules, or planned, when they require specific sets of rules. Flexible means that they accept a last-minute configuration. The planned reports, on the other hand, add their own configurations from the start.

### Flexible reports

The [Text](https://exakat.readthedocs.io/en/latest/Reports.html#text) report is the most flexible report. It displays the issues, one by line. It doesn't require any ruleset by itself, and accepts any of them as configuration.

```
# default configuration : Analyze
php exakat.phar report -p my-project --format Text -v

# One rule : + 0 analysis
php exakat.phar report -p my-project --format Text -P Structures/AddZero -v

# One Ruleset : Security
php exakat.phar report -p my-project --format Text -T Security -v

```

Note : the above-mentioned commands are valid after [Installation](https://exakat.readthedocs.io/en/latest/Installation.html) and a first Audit run.

Other flexible formats include [sqlite](https://exakat.readthedocs.io/en/latest/Reports.html#sqlite), [XML](https://exakat.readthedocs.io/en/latest/Reports.html#xml) or [YAML](https://exakat.readthedocs.io/en/latest/Reports.html#yaml).

### Planned reports

[Diplomat](https://exakat.readthedocs.io/en/latest/Reports.html#diplomat) is a good example of a report that requires a specific set of ruleset. Diplomat presents lots of information in a graphical interface : when those issues are missing, because they were not run, it creates empty sections. For example, the inventories may be empty.

To avoid empty sections, Diplomat requests a number of rulesets, as soon as Exakat process the project. That way, the Diplomat report will have all the needed information. By configuring Diplomat, Exakat will automatically add the requested rulesets.

### Configuration

To configure, or not, a report, you can use two different files : `config/exakat.ini` or `projects/<my-project>/config.ini`.

In there, add the directive `project_reports[] =`, followed by the name for the report. Repeat as often as needed. You may even use the `All` report, which will produce all of them. The [detailed list](https://exakat.readthedocs.io/en/latest/Reports.html)is available in the documentation.

Configuring `config/exakat.ini` configures the default behavior for every project. Each project may be configured independently with `projects/<my-project>/config.ini`. That last configuration file has precedence over the general configuration.

## The ignore_rules Directive

The `ignore_rules` directive works with planned reports, and the audit phase of Exakat. It is meant to skip a rule, even when the rule is requested by a ruleset or a planned report. The rule is then simply omitted.

Ignoring a rule inside a ruleset, simply reduces the size of the ruleset. As an extreme case, the ruleset may end up empty.

### Configuration

To configure the `ignore_rules` directive, you can use two different files : `config/exakat.ini` or `projects/<my-project>/config.ini`.

In there, add the directive `ignore_rules[] =`, followed by the name for the rule. A rule name uses the format `Directory/Name`. You can find [all of the rules](https://exakat.readthedocs.io/en/latest/Rules.html) in the documentation, online or in [Diplomat's report](https://exakat.readthedocs.io/en/latest/Reports.html#diplomat).

### Doctor Check For Ignored Rules

Once you have added enough rules to the ruleset, you can check its availability with the command `php exakat.phar doctor`. There is a line `ignored rules`, in the `exakat` section of the display. It should bear the name of the rules that were ignored.

## The rulesets

For flexible reports, you can add the rules at generation time.

```
# Two rules : repeat -P option as often as needed
php exakat.phar report -p myself --format Text -P Structures/AddZero -P Structures/MultiplyByOne -v

# One Ruleset : Security
php exakat.phar report -p my-project --format Text -T Security -v

```

The second format is more convenient : for example, the 'Security' ruleset includes over 44 rules. Writing them in a row is too long : this is why rulesets were introduced initially.

To create a custom ruleset, add the file `config/rulesets.ini`. It is a .INI file, with the following structure :

```
[name_of_the_ruleset]
analyzer[] = "Structures/AddZero"
analyzer[] = "Structures/MultiplyByOne"
```

Each section bears the name of one new ruleset. You can add as many rulesets as you want. They must each bear a distinct name, to avoid confusion.

Each section includes the name `analyzer`, with a short rule name as value. The short names are available in the documentation, and reports such as [Diplomat](https://exakat.readthedocs.io/en/latest/Reports.html#diplomat) and [Ambassador](https://exakat.readthedocs.io/en/latest/Reports.html#diplomat).

### Doctor Check For Extra Rulesets

Once you have added enough rules to the ruleset, you can check its availability with the command `php exakat.phar doctor`. There is a line `extra rulesets`, in the `exakat` section of the display. It should bear the name of the ruleset you just created.

### Ruleset Usage

To get tailor your report with the new ruleset, use its name in the report command :

```
# One Ruleset : name_of_the_ruleset
php exakat.phar report -p my-project --format Text -T name_of_the_ruleset -v
```

Note that rules that are invalid, not run during the audit, or non-existing will be omitted in the final result.

## Configuring Exakat As You Need

The three ways to configure Exakat fit the different phases of usage : + Report is an early choice where the rules are chosen by the tool + `ignore_rules` refines the previous choice + Custom rulesets is for advanced users, cherry-picking each rules as fit with the development style.

Happy Audits!