You can import Semgrep-compatible SAST rules that you create as YAML files. The files must have a .yaml or .yml extension, and the rules should be packaged inside a gzip or tar archive.
Import SAST rules through the user interface
You can bulk import rules through the user interface.
- From the left sidebar, navigate to Policies and Rules and select SAST RULES.
- Click Import.
- Click Browse and select the archive file that contains the rules.
- Enter the version of the rule, if required. If you do not enter a version and the rules already exist in the system, the rule upload may fail.
Import SAST rules with endorctl
You can bulk import a number of rules using the following command.
endorctl rule-set import --file-path <file> --rule-version <version> -n <namespace>
| Option | Description | 
|---|---|
| -n, --namespace | Namespace of the project with which you are working. Mandatory. |
| --file-path | The path to the file that contains the rule set that should be imported. Supported file types are .tar and .gz. |
| --rule-version | The semantic version that applies to all the rules in the set. The command fails if there are any rules that exist with this version. |
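
The packaging requirements above can be checked before an import is attempted. The script below is an added example, not part of endorctl or the original documentation: it verifies the file extensions and the version string, builds a .tar archive, and prints the import command to run. The function names, the sample rule, the MAJOR.MINOR.PATCH-only version check, and the layout of files at the archive root are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before importing a rule set with endorctl.

# Writes a constructed Semgrep-syntax rule (illustrative; not from the page).
write_sample_rule() {
  cat > "$1" <<'EOF'
rules:
  - id: example-python-eval
    languages: [python]
    severity: WARNING
    message: Avoid eval() on data that may be attacker-controlled.
    pattern: eval(...)
EOF
}

# pack_rules <rules-dir> <out.tar> <version> <namespace>
# Builds the archive and prints the import command; fails closed on bad input.
pack_rules() {
  dir=$1; out=$2; version=$3; ns=$4
  # Simplified semantic-version check: MAJOR.MINOR.PATCH only (assumption).
  if ! printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo "error: version '$version' is not MAJOR.MINOR.PATCH" >&2; return 2
  fi
  [ -d "$dir" ] || { echo "error: $dir is not a directory" >&2; return 2; }
  # Every rule file must carry a yaml or yml extension.
  bad=$(find "$dir" -type f ! -name '*.yaml' ! -name '*.yml')
  if [ -n "$bad" ]; then
    echo "error: non-YAML files in rule set:" >&2; echo "$bad" >&2; return 3
  fi
  [ -n "$(find "$dir" -type f)" ] || { echo "error: no rule files" >&2; return 3; }
  # Lightweight shape check: Semgrep rule files have a top-level 'rules:' key.
  norules=$(find "$dir" -type f -exec grep -L '^rules:' {} + || true)
  if [ -n "$norules" ]; then
    echo "error: missing top-level 'rules:' key:" >&2; echo "$norules" >&2; return 4
  fi
  # Plain .tar is one of the archive types the page lists as supported.
  tar -cf "$out" -C "$dir" . || return 5
  printf 'endorctl rule-set import --file-path %s --rule-version %s -n %s\n' \
    "$out" "$version" "$ns"
}
```

Write the archive outside the rules directory so that it is not packed into itself, and review the printed command before running it.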