01
Coverage
What does Resources overview test?
- Everything needed to operate Pencheff
- Jump into setup guides, feature references, reporting conventions, API documentation, methodology pages, and workflow-specific playbooks.
- Semgrep OSS packs, Bandit, gosec, Brakeman, ESLint security, tree-sitter rules, and niche-language scaffolds.
- Secret detection with gitleaks and suspicious-code indicators with YARA-style patterns.
- GitHub repository connection, webhook-triggered scans, hardlink staging, gitignore-aware filtering, and default-deny controls.
- SARIF and GitHub check run output so developers see findings where they work.
- Auto-fix preparation for Semgrep autofix, SCA version bumps, and reviewer-friendly patch synthesis.