Fix digital certificates rule to not assume parsing capability.#87
Merged
santosomar merged 2 commits intodevelopfrom Jan 20, 2026
Merged
Conversation
thomas-bartlett
added
enhancement
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the digital certificates rule to reflect that AI agents cannot parse X.509 certificates without specialized tools. Instead of instructing agents to directly validate certificate properties, the rule now guides agents to flag certificates for verification and list the security checks that must be performed.
Changes:
- Updated main rule description to instruct agents to flag certificates for verification rather than parse them directly
- Modified section 2 guidance to emphasize that certificates must be flagged for validation
- Added "Verification Guidance" section with OpenSSL command for inspecting certificates
- Rewrote both examples to show flagging approach instead of claiming to perform validation
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
ramraaj25
reviewed
Jan 20, 2026
skills/software-security/rules/codeguard-1-digital-certificates.md
Outdated
Show resolved
Hide resolved
skills/software-security/rules/codeguard-1-digital-certificates.md
Outdated
Show resolved
Hide resolved
santosomar
approved these changes
Jan 20, 2026
Contributor
santosomar
left a comment
santosomar
left a comment
There was a problem hiding this comment.
Thank you for addressing this!
santosomar
deleted the
fix/digital-certificates-rule-no-parsing-assumption
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the digital certificates rule which previously assumed AI agents could parse X.509 certificates to extract properties like key size and expiration. Since agents cannot decode certificate data without specialized tools, the rule now instructs agents to flag certificates for verification and list required security checks, rather than claiming to perform the validation directly.