Usage
Show Help
qg --help
Configuration
Configuration options can be declared in one of three ways, listed here in order of preference:
- At the command line
- As an environment variable
- In a configuration file
File
QueryGuard configuration can be stored in several different locations depending on your needs. It can also be specified using the --settings option at the command line.
File Names:
- queryguard.toml
- .queryguard.toml
- pyproject.toml
File Locations:
- current directory
- .config directory relative to the current directory
- the parent directory
- a .config directory relative to the parent directory
- the home directory
- a .config directory relative to the home directory
Environment Variables
QueryGuard looks for environment variables with a prefix of QUERYGUARD_
followed by the setting name.For example to ignore rule id S001 you could
set the QUERYGUARD_IGNORE
environment variable to S001
.
Options
A list of the available options.
settings
Specify the configuration file to use. Particularly useful when enforcing rules centrally in a CI process without relying on the project's configuration.
Example: Specify a configuration file during execution.
qg . --settings /etc/queryguard_configuration.toml
select
Specify a list of enabled rules to use for evaluation.
Default: ["S"]
Example: Only evaluate rule IDs S001 and S002 at the command line.
qg . --select S001, S002
Example: Evaluate all rules in the security group (i.e. S).
qg . --select S
Example: Only evaluate rule IDs S001 and S002 in an environment variable.
QUERYGUARD_SELECT=S001,S002 qg .
Example: Only evaluate rule IDs S001 and S002 in a configuration file.
[tool.queryguard]
select = ["S001", "S002"]
ignore
Specify a list of enabled rules to ignore for evaluation.
Default: []
Example: Skip evaluation of rule IDs S001 and S002 at the command line.
qg . --ignore S001, S002
Example: Skip evaluation of all rules in the security group (i.e. S).
qg . --ignore S
Example: Skip evaluation of rule IDs S001 and S002 in an environment variable.
QUERYGUARD_IGNORE=S001,S002 qg .
Example: Skip evaluation of rule IDs S001 and S002 in a configuration file.
[tool.queryguard]
ignore = ["S001", "S002"]
output
Set the output format.
Default: "text"
Example: Set the output format to json using the command line.
qg . --output json
Example: Set the output format to json using an environment variable.
QUERYGUARD_OUTPUT=json qg .
Example: Set the output format to json using the configuration file.
[tool.queryguard]
output = "json"