
guides/PCI-DSS-Scorecard-Template

Open udayk-port opened this issue 3 months ago • 3 comments

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.

Added docs pages

  • setup-pci-dss-code-compliance.md

udayk-port avatar Sep 05 '25 06:09 udayk-port

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2772.d2ngvl90zqbob8.amplifyapp.com

/improve

hadar-co avatar Nov 09 '25 13:11 hadar-co

PR Code Suggestions ✨

Category | Suggestion | Impact
Possible issue
Fix inconsistent rule reference

Correct the rule description for asv_pass_parity. The documentation incorrectly
references max_risk_score_replacing_asv, which is not defined; it should
reference a defined property like asv_pass_parity = 0.

docs/guides/all/setup-pci-dss-code-compliance.md [642-648]

 #### 6. ASV Parity for Public-Facing Assets
 
 - **Identifier:** `asv_pass_parity`
 - **Goal:** Align with PCI DSS **Approved Scanning Vendor (ASV)** pass/fail standards.
-- **Rule:** `max_risk_score_replacing_asv < 400`
+- **Rule:** `asv_pass_parity = 0` (or use `max_risk_score < 400` if using the max-risk aggregation)
 - **Description:**
   Ensures public-facing services do not have vulnerabilities equivalent to CVSS ≥ 4.0.
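Review bot: the replacement `Rule:` line packs two alternative expressions into one rule field, and the threshold wording does not agree across the two places it appears: this hunk's description says "CVSS ≥ 4.0" while the `max_risk_score` property in the later snippet is described as "Alternate to ASV Pass Parity CVSS > 4". A scorecard rule should be a single expression; keep `asv_pass_parity = 0` as the rule, move the `max_risk_score < 400` alternative into the description, and use one inequality (≥ 4.0 or > 4) consistently.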
Suggestion importance[1-10]: 8

__

Why: This suggestion correctly identifies a critical inconsistency between the documentation and the provided JSON configuration, which would cause the rule to fail if implemented as described.

Medium
General
Standardize title and tag casing

Update the guide's title to use title case, changing "PCI DSS code security
scorecard" to "PCI DSS Code Security Scorecard", for consistency with other
guide titles.

src/components/guides-section/consts.js [1451-1457]

 {
-    title: "PCI DSS code security scorecard",
+    title: "PCI DSS Code Security Scorecard",
     description: "Continuously track compliance with PCI DSS requirements using code scans and vulnerability data",
-    tags: ["Security", "Scorecards", "Snyk", "PCI DSS"],
+    tags: ["Security", "Scorecards", "Snyk", "PCI-DSS"],
     logos: ["Snyk"],
     link: "/guides/all/setup-pci-dss-code-compliance",
 },
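Review bot: the tag change from `"PCI DSS"` to `"PCI-DSS"` on the `tags:` line is not mentioned in the suggestion text, which only covers title casing. Tags are filter values shared across guide entries in this file, so renaming it on one entry alone can silently split this guide from others using the original form; either drop that line from the hunk or apply the same rename to every entry that uses the tag.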
Suggestion importance[1-10]: 5

__

Why: The suggestion correctly points out inconsistent title casing compared to the guide's H1 title and other entries, improving UI consistency across the application.

Low
Standardize property display title

Update the title for the hardcoded_secrets property from "hardcoded_secrets" to
"Hardcoded Secrets" to align with the title casing used for other properties in
the guide.

docs/guides/all/setup-pci-dss-code-compliance.md [221-253]

 <details>
-<summary><b>PCI DSS Scorecard (Click to expand)</b></summary>
+<summary><b>PCI DSS Scorecard (Click to Expand)</b></summary>
 
 ```json showLineNumbers
 {
     "hardcoded_secrets": {
-      "title": "hardcoded_secrets",
+      "title": "Hardcoded Secrets",
       "icon": "Bug",
       "type": "number",
       "target": "snykVulnerability",
       "query": {
         "combinator": "and",
         "rules": [
           {
             "property": "category",
             "operator": "in",
             "value": [
               "CWE-798",
               "CWE-259",
               "CWE-321",
               "CWE-547",
               "CWE-260"
             ]
           }
         ]
       },
       "calculationSpec": {
         "func": "count",
         "calculationBy": "entities"
       }
     },
```
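Review bot: the `<summary>` change to "(Click to Expand)" goes beyond the stated scope of this suggestion (the `hardcoded_secrets` title), and it is the opposite of the later suggestion on line 31 that standardizes on lowercase "(click to expand)". Limit this hunk to the `"title": "Hardcoded Secrets"` line so the summary casing is settled in one place.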
Suggestion importance[1-10]: 4

__

Why: The suggestion correctly identifies an inconsistent title casing for the hardcoded_secrets property and improves the consistency and readability of the provided JSON configuration.

Low
Normalize heading and title casing

Standardize the heading for "Maximum Risk Score aggregation" by adding a space
and capitalizing "Expand". Also, update the JSON title from "Max risk score" to
"Max Risk Score" for consistency.

docs/guides/all/setup-pci-dss-code-compliance.md [302-311]

 <details>
-<summary><b>Maximum Risk Score aggregation(Click to expand)</b></summary>
+<summary><b>Maximum Risk Score Aggregation (Click to Expand)</b></summary>
 ```json showLineNumbers
 {
     "max_risk_score": {
-      "title": "Max risk score",
+      "title": "Max Risk Score",
       "icon": "Bug",
       "type": "number",
       "description": "Alternate to ASV Pass Parity CVSS > 4",
       "target": "snykVulnerability",
       ...
     },
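Review bot: there is still no blank line between `</summary>` and the ```json fence in this snippet (the first `<details>` snippet has one). In CommonMark/MDX an HTML block that starts with `<details>` continues until the next blank line, so the fence line and what follows it can be swallowed into the HTML block instead of rendering as a code block; add the blank line while touching this heading.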

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 4

__

Why: The suggestion correctly identifies and fixes inconsistent casing and spacing in a heading and a JSON title, improving the overall quality and consistency of the documentation.

Low
Organization best practice
Enhance code fence metadata

Add a language identifier and showLineNumbers to improve readability and
copying.

docs/guides/all/setup-pci-dss-code-compliance.md [607-610]

-```text
+```text showLineNumbers
 a3_injection = 0
 a1_access_control_flaws = 0
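Review bot: the fence already carries the `text` language identifier, so this hunk only adds `showLineNumbers`; the description's "Add a language identifier" overstates the change. The hunk is also cut before the closing fence, so it cannot be applied as shown, and line numbers on a two-line block add little.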




Suggestion importance[1-10]: 5

__

Why: Relevant best practice - Pattern 14: Specify language for all code fences; Pattern 4: add showLineNumbers to multi-line blocks.

Low



Remove unnecessary hard breaks

___

Remove trailing double spaces and use plain markdown without extra hard line breaks unless needed.

[docs/guides/all/setup-pci-dss-code-compliance.md [568-570]](https://github.com/port-labs/port-docs/pull/2772/files#diff-160b613dbc441a90d2732043048a2cb3514524c382759968e3830e7b336d650cR568-R570)

```diff
-#### **How levels work:**  
-- To reach a higher level, **all rules in that level and all lower levels must pass**.  
+#### How levels work:
+- To reach a higher level, **all rules in that level and all lower levels must pass**.
 - This creates a clear maturity path from basic hygiene to advanced compliance.
```
Suggestion importance[1-10]: 4

__

Why: Relevant best practice - Pattern 11: Use queryString on Tabs and HTML headings inside tabs; avoid markdown headers within tabs.

Low
Organization best practice
Add admonition title

Provide an admonition title instead of bolding inside the body for clarity and
consistency.

docs/guides/all/setup-pci-dss-code-compliance.md [670-671]

-:::tip **Note:** Replace `"example_team"` with your actual team name or remove this rule if not needed.
+:::tip Configuration note
+Replace `"example_team"` with your actual team name or remove this rule if not needed.
 :::
Suggestion importance[1-10]: 5

__

Why: Relevant best practice - Pattern 15: Always include a title with admonitions.

Low
Standardize details summary text

Use "(click to expand)" in lowercase for consistency across docs.

docs/guides/all/setup-pci-dss-code-compliance.md [31]

-<summary><b>PCI DSS Scorecard (Click to expand)</b></summary>
+<summary><b>PCI DSS Scorecard (click to expand)</b></summary>
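Review bot: this hunk lowercases the summary on line 31 while the earlier suggestion for lines 221-253 rewrites the same summary text to "(Click to Expand)"; applying both leaves the two `<details>` blocks inconsistent. Pick one form (the cited best practice says sentence case) and apply it to every `<summary>` in the guide, including the "Maximum Risk Score Aggregation" one.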
Suggestion importance[1-10]: 4

__

Why: Relevant best practice - Pattern 1: Standardize collapsible details summaries with bold titles and "(click to expand)" in sentence case.

Low

qodo-code-review[bot] avatar Nov 09 '25 13:11 qodo-code-review[bot]
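The suggestions above turn on two pieces of scorecard logic: a property that runs a query over `snykVulnerability` entities and aggregates the matches (the `hardcoded_secrets` JSON with its CWE list), and levels whose rules must all pass, including every lower level, before a service reaches that level. The following is an added example, not code from this PR or from Port, that models both so the rule expressions quoted in the suggestions can be exercised on sample data. The `hardcoded_secrets` query and the rule forms (`a3_injection = 0`, `max_risk_score < 400`) come from the page; the sample vulnerabilities, the injection CWE subset, the `"max"`/`"property"` aggregation spec and the Bronze/Silver/Gold layout are constructed assumptions, not Port's schema.

```python
"""Added example, not code from the port-docs page or from Port: a small
evaluator for the scorecard semantics discussed in the suggestions above.

A property runs a query over snykVulnerability entities and aggregates the
matches; a level is reached only when every rule in that level and in all
lower levels passes. The hardcoded_secrets query and the rule expressions
come from the page; the sample vulnerabilities, the injection CWE list, the
"max" aggregation spec and the level layout are constructed for this example.
"""
import operator

# Constructed sample snykVulnerability entities for one service.
SAMPLE_VULNS = [
    {"identifier": "v1", "category": "CWE-798", "riskScore": 650},  # hardcoded credential
    {"identifier": "v2", "category": "CWE-89", "riskScore": 720},   # SQL injection
    {"identifier": "v3", "category": "CWE-79", "riskScore": 350},   # cross-site scripting
]

HARDCODED_SECRET_CWES = ["CWE-798", "CWE-259", "CWE-321", "CWE-547", "CWE-260"]  # from the page
INJECTION_CWES = ["CWE-89", "CWE-78", "CWE-77"]  # constructed subset for a3_injection

# Property definitions in the shape of the JSON shown in the suggestions.
# The "max"/"property" spec for max_risk_score is an assumption, not Port's schema.
PROPERTIES = {
    "hardcoded_secrets": {
        "query": {"combinator": "and", "rules": [
            {"property": "category", "operator": "in", "value": HARDCODED_SECRET_CWES}]},
        "calculationSpec": {"func": "count", "calculationBy": "entities"},
    },
    "a3_injection": {
        "query": {"combinator": "and", "rules": [
            {"property": "category", "operator": "in", "value": INJECTION_CWES}]},
        "calculationSpec": {"func": "count", "calculationBy": "entities"},
    },
    "max_risk_score": {
        "query": {"combinator": "and", "rules": []},  # no filter: every vulnerability counts
        "calculationSpec": {"func": "max", "property": "riskScore"},
    },
}

# Constructed level layout; rules use the "<property> <op> <number>" form quoted above.
LEVELS = [
    ("Bronze", ["a3_injection = 0"]),
    ("Silver", ["hardcoded_secrets = 0"]),
    ("Gold", ["max_risk_score < 400"]),
]

QUERY_OPS = {"in": lambda actual, wanted: actual in wanted, "=": operator.eq}
RULE_OPS = {"=": operator.eq, "<": operator.lt, ">": operator.gt,
            "<=": operator.le, ">=": operator.ge}


def matches(entity, query):
    """Apply a property's query to one entity (an empty rule list matches everything)."""
    results = [QUERY_OPS[r["operator"]](entity.get(r["property"]), r["value"])
               for r in query["rules"]]
    return all(results) if query["combinator"] == "and" else any(results)


def evaluate_property(spec, entities):
    """Filter entities by the query, then aggregate them per calculationSpec."""
    matched = [e for e in entities if matches(e, spec["query"])]
    calc = spec["calculationSpec"]
    if calc["func"] == "count":
        return len(matched)
    if calc["func"] == "max":
        return max((e[calc["property"]] for e in matched), default=0)
    raise ValueError(f"unsupported aggregation: {calc['func']}")


def evaluate_properties(entities, properties=PROPERTIES):
    return {name: evaluate_property(spec, entities) for name, spec in properties.items()}


def undefined_rule_properties(levels, properties):
    """Names used by rules that no property defines (the defect the first suggestion fixes)."""
    return sorted({r.split()[0] for _, rules in levels for r in rules
                   if r.split()[0] not in properties})


def rule_passes(rule, values):
    prop, op, literal = rule.split()
    return RULE_OPS[op](values[prop], float(literal))


def scorecard_level(entities, levels=LEVELS, properties=PROPERTIES):
    """Highest level reached; a failing level blocks every level above it."""
    missing = undefined_rule_properties(levels, properties)
    if missing:
        raise ValueError(f"rules reference undefined properties: {missing}")
    values = evaluate_properties(entities, properties)
    reached = "Basic"
    for name, rules in levels:
        if not all(rule_passes(r, values) for r in rules):
            break
        reached = name
    return reached, values


if __name__ == "__main__":
    level, values = scorecard_level(SAMPLE_VULNS)
    print(values, "->", level)
```

With the constructed sample the service stays at "Basic" because the injection finding fails the Bronze rule, even though nothing else is wrong; a service whose only finding is a low-score hardcoded credential stops at Bronze although the Gold rule (`max_risk_score < 400`) would pass on its own, which is the "all lower levels must pass" behaviour described in the guide. A rule that names a property no definition provides, such as `max_risk_score_replacing_asv`, is rejected before evaluation rather than failing silently at scoring time.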

@codex review

sivanel97 avatar Dec 01 '25 07:12 sivanel97

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. Credits must be used to enable repository wide code reviews.

@codex review

udayk-port avatar Dec 04 '25 06:12 udayk-port

Codex Review: Something went wrong. Try again later by commenting “@codex review”.

You don't have the ability to clone this repository.
ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

🤖 AI Assistant Feedback Request

I noticed that codex authored a comment!

To help us improve our AI assistance, could you please let us know:

Did the AI assistant help you?

  • Helpful - The AI provided useful assistance
  • Not helpful - The AI didn't provide useful assistance
  • 🔄 Partially helpful - The AI was somewhat useful but could be better

How to provide feedback Please reply to this comment with /feedback/ followed by any feedback you'd like to share.
For example: /feedback The AI's answer was unclear. or /feedback Great job! Very helpful.

We appreciate any thoughts or suggestions that help us improve.

Your input helps us make our AI tools better. 🚀

Detected AI assistant: codex

github-actions[bot] avatar Dec 04 '25 06:12 github-actions[bot]