{"id":43009655,"url":"https://github.com/bumahkib7/rust-monorepo-analyzer","last_synced_at":"2026-02-06T23:00:46.784Z","repository":{"id":335561393,"uuid":"1146268825","full_name":"bumahkib7/rust-monorepo-analyzer","owner":"bumahkib7","description":"Ultra-fast Rust-native code intelligence and security analysis platform for large enterprise monorepos. Leverages tree-sitter for polyglot parsing, rayon for parallelism, and tantivy for indexing.","archived":false,"fork":false,"pushed_at":"2026-02-02T14:56:36.000Z","size":1200,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-02-02T15:33:32.502Z","etag":null,"topics":["cli","code-analysis","dependency-analysis","developer-tools","monorepo","rust","static-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bumahkib7.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-30T21:03:47.000Z","updated_at":"2026-02-02T11:45:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bumahkib7/rust-monorepo-analyzer","commit_stats":null,"previous_names":["bumahkib7/rust-monorepo-analyzer"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/bumahkib7/rust-monorepo-analyzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bumahkib7%2Frust-monorepo-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bumahkib7%2Frust-monorepo-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bumahkib7%2Frust-monorepo-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bumahkib7%2Frust-monorepo-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bumahkib7","download_url":"https://codeload.github.com/bumahkib7/rust-monorepo-analyzer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bumahkib7%2Frust-monorepo-analyzer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29179561,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T22:12:24.066Z","status":"ssl_error","status_checked_at":"2026-02-06T22:12:09.859Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","code-analysis","dependency-analysis","developer-tools","monorepo","rust","static-analysis"],"created_at":"2026-01-31T05:08:07.955Z","updated_at":"2026-02-06T23:00:46.770Z","avatar_url":"https://github.com/bumahkib7.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# RMA - Rust Monorepo Analyzer\n\n[![CI](https://github.com/bumahkib7/rust-monorepo-analyzer/actions/workflows/ci.yml/badge.svg)](https://github.com/bumahkib7/rust-monorepo-analyzer/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/bumahkib7/rust-monorepo-analyzer)](https://github.com/bumahkib7/rust-monorepo-analyzer/releases)\n[![crates.io](https://img.shields.io/crates/v/rma-cli.svg)](https://crates.io/crates/rma-cli)\n[![Docker](https://img.shields.io/badge/docker-ghcr.io%2Fbumahkib7%2Frma-blue)](https://ghcr.io/bumahkib7/rma)\n[![Homebrew](https://img.shields.io/badge/homebrew-bumahkib7%2Ftap%2Frma-orange)](https://github.com/bumahkib7/homebrew-tap)\n[![Rust](https://img.shields.io/badge/rust-1.85+-orange.svg)](https://www.rust-lang.org)\n[![License](https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg)](LICENSE)\n\n**Ultra-fast Rust-native code intelligence and security analysis platform for large enterprise monorepos.**\n\nRMA leverages tree-sitter for polyglot parsing, rayon for parallelism, and tantivy for blazing-fast indexing to deliver sub-minute scans on million-LOC codebases.\n\n## Quick Install\n\n**npm (Node.js):**\n```bash\nnpm install -g rma-cli\n```\n\n**Homebrew (macOS/Linux):**\n```bash\nbrew tap bumahkib7/tap\nbrew install rma\n```\n\n**Cargo (Rust):**\n```bash\ncargo install rma-cli\n```\n\n**Shell Script (Linux/macOS):**\n```bash\ncurl -fsSL https://raw.githubusercontent.com/bumahkib7/rust-monorepo-analyzer/master/install.sh | bash\n\n# Install specific version\nVERSION=0.12.0 curl -fsSL https://raw.githubusercontent.com/bumahkib7/rust-monorepo-analyzer/master/install.sh | bash\n```\n\n**Windows PowerShell:**\n```powershell\niwr -useb https://raw.githubusercontent.com/bumahkib7/rust-monorepo-analyzer/master/install.ps1 | iex\n```\n\n**Docker:**\n```bash\ndocker run -v $(pwd):/workspace ghcr.io/bumahkib7/rma scan /workspace\n```\n\n**GitHub Actions:**\n```yaml\n- uses: bumahkib7/rust-monorepo-analyzer/.github/actions/rma-scan@master\n  with:\n    path: '.'\n    upload-sarif: true\n```\n\n**Pre-commit:**\n```yaml\n# .pre-commit-config.yaml\nrepos:\n  - repo: https://github.com/bumahkib7/rust-monorepo-analyzer\n    rev: v0.12.0\n    hooks:\n      - id: rma\n```\n\n## Supported Languages\n\n| Language | Extensions | Security Rules | Metrics |\n|----------|------------|----------------|---------|\n| Rust | `.rs` | unsafe blocks, unwrap, panic | complexity, LOC |\n| JavaScript | `.js`, `.jsx`, `.mjs` | XSS, injection, secrets | complexity, LOC |\n| TypeScript | `.ts`, `.tsx` | XSS, injection, secrets | complexity, LOC |\n| Python | `.py` | exec, shell injection, secrets | complexity, LOC |\n| Go | `.go` | unsafe, SQL injection | complexity, LOC |\n| Java | `.java` | injection, crypto issues | complexity, LOC |\n\n## Features\n\n- **Polyglot Support**: Rust, JavaScript/TypeScript, Python, Go, Java\n- **Parallel Parsing**: Multi-threaded AST parsing with tree-sitter\n- **Security Analysis**: Detect vulnerabilities, unsafe patterns, hardcoded secrets\n- **Rich Diagnostics**: Rustc-style error output with source context and error codes\n- **AI-Powered Analysis**: Optional AI-assisted vulnerability detection with `--ai` flag\n- **Code Metrics**: Cyclomatic complexity, cognitive complexity, LOC\n- **Fast Indexing**: Tantivy-based full-text search\n- **Incremental Mode**: Only re-analyze changed files\n- **Multiple Output Formats**: Text, JSON, SARIF, Compact, Markdown, GitHub\n- **Real-time Watch Mode**: WebSocket-based live updates with interactive keyboard controls\n- **HTTP API**: Daemon mode with WebSocket support for IDE integration\n- **IDE Integrations**: VS Code, Neovim, JetBrains, and Web Dashboard\n- **Doctor Command**: Health check for RMA installation (`rma doctor`)\n- **Duplicate Detection**: Find copy-pasted functions across your codebase\n- **WASM Plugins**: Extend with custom analysis rules\n- **External Providers**: Optional integration with PMD for enhanced Java analysis\n- **Shell Completions**: Bash, Zsh, Fish, PowerShell, Elvish\n\n## Quick Start\n\n```bash\n# Scan current directory\nrma scan .\n\n# Scan with AI-powered analysis\nrma scan ./src --ai\n\n# Scan with JSON output for CI/CD\nrma scan . --output json -f results.json\n\n# Scan with SARIF output for GitHub Code Scanning\nrma scan . --output sarif -f results.sarif\n\n# Watch mode for continuous analysis\nrma watch .\n\n# Search indexed code\nrma search \"TODO\" --type content\n\n# View statistics\nrma stats\n\n# Check installation health\nrma doctor\n\n# Scan only changed files in a PR\nrma scan . --changed-only\n```\n\n## CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `scan` | Scan a repository for security issues and metrics |\n| `watch` | Watch for file changes and re-analyze in real-time |\n| `search` | Search the index for files or findings |\n| `stats` | Show index and analysis statistics |\n| `init` | Initialize RMA configuration in current directory |\n| `daemon` | Start HTTP API server for IDE integration |\n| `doctor` | Check RMA installation health and configuration |\n| `plugin` | Manage WASM analysis plugins |\n| `config` | View and modify configuration |\n| `completions` | Generate shell completions |\n\n### Scan Options\n\n```\nrma scan [PATH] [OPTIONS]\n\nOptions:\n  -o, --output \u003cFORMAT\u003e     Output format: text, json, sarif, compact, markdown [default: text]\n  -f, --output-file \u003cFILE\u003e  Output file (stdout if not specified)\n  -s, --severity \u003cLEVEL\u003e    Minimum severity: info, warning, error, critical\n  -i, --incremental         Enable incremental mode (only scan changed files)\n      --changed-only        Only scan files changed in git (for PR workflows)\n  -j, --parallelism \u003cN\u003e     Number of parallel workers (0 = auto-detect)\n  -l, --languages \u003cLANGS\u003e   Languages to scan (comma-separated)\n      --providers \u003cLIST\u003e    Analysis providers (rma,pmd,oxlint) [default: rma]\n      --ai                  Enable AI-powered vulnerability analysis\n      --no-progress         Disable progress bars\n  -v, --verbose             Increase verbosity (-v, -vv, -vvv)\n  -q, --quiet               Suppress non-essential output\n```\n\n### Watch Options\n\n```\nrma watch [PATH] [OPTIONS]\n\nOptions:\n  -d, --debounce \u003cMS\u003e       Debounce delay in milliseconds [default: 500]\n  -l, --languages \u003cLANGS\u003e   Languages to watch\n      --clear               Clear screen on each change\n      --no-initial-scan     Skip initial directory scan (only show changes)\n      --errors-only         Only show errors, not warnings\n  -q, --quiet               Suppress non-essential output\n```\n\n**Interactive Keyboard Shortcuts:**\n\n| Key | Action |\n|-----|--------|\n| `q` / `c` | Quit watch mode |\n| `r` | Force re-scan of all files |\n| `s` | Show current statistics |\n| `e` | Toggle errors-only mode |\n| `p` | Pause/resume watching |\n| `?` | Show help |\n\n## Output Formats\n\n| Format | Use Case |\n|--------|----------|\n| `text` | Human-readable terminal output with rustc-style diagnostics |\n| `json` | Machine-readable for programmatic processing |\n| `sarif` | GitHub Code Scanning, Azure DevOps integration |\n| `compact` | Minimal output for CI logs |\n| `markdown` | Documentation and reports |\n| `github` | GitHub Actions workflow commands (annotations) |\n\n### Rich Diagnostics Output\n\nRMA produces rustc-style diagnostic output with error codes, source context, and underline highlighting:\n\n```\nwarning[RMA-Q501]: Function has 105 lines (max: 100) - consider refactoring\n  --\u003e src/analyzer.rs:219:5\n217 │     }\n218 │\n219 │     fn check(\u0026self, parsed: \u0026ParsedFile) -\u003e Vec\u003cFinding\u003e {\n    │     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ function too long\n    ... (104 more lines)\n   = note: rule: generic/long-function\n\ncritical[RMA-S005]: SQL query built with format! - use parameterized queries instead\n  --\u003e src/database.rs:42:9\n40 │     let user_input = get_input();\n41 │\n42 │     format!(\n    │     ^^^^^^^^ SQL query built from untrusted input\n43 │         \"SELECT * FROM users WHERE name = '{}'\",\n44 │         user_input\n   = note: rule: rust/sql-injection\n```\n\n### Error Codes\n\n| Code Range | Category |\n|------------|----------|\n| RMA-S001-S999 | Security issues (unsafe, XSS, injection, etc.) |\n| RMA-Q001-Q999 | Quality issues (complexity, length, style) |\n| RMA-T001-T999 | Style issues (TODO, console.log, etc.) |\n| RMA-J001-J999 | Java external tool findings (PMD) |\n\n### GitHub Actions Integration\n\nRMA provides a reusable GitHub Action for easy CI/CD integration with automatic SARIF upload to GitHub Security tab.\n\n#### Quick Setup (Reusable Workflow)\n\n```yaml\nname: Security Scan\n\non: [push, pull_request]\n\njobs:\n  security-scan:\n    uses: bumahkib7/rust-monorepo-analyzer/.github/workflows/rma-scan-reusable.yml@master\n    permissions:\n      contents: read\n      security-events: write\n    with:\n      path: './src'\n      severity: 'warning'\n      upload-sarif: true\n```\n\n#### Composite Action (More Control)\n\n```yaml\nname: Security Scan\n\non: [push, pull_request]\n\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      security-events: write\n\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Run RMA Security Scan\n        uses: bumahkib7/rust-monorepo-analyzer/.github/actions/rma-scan@master\n        with:\n          path: '.'\n          format: 'sarif'\n          severity: 'warning'\n          upload-sarif: 'true'\n```\n\n#### Action Inputs\n\n| Input | Description | Default |\n|-------|-------------|---------|\n| `path` | Path to scan | `.` |\n| `format` | Output format (text, json, sarif, compact, markdown, github) | `sarif` |\n| `severity` | Minimum severity (info, warning, error, critical) | `warning` |\n| `languages` | Comma-separated languages to scan | (all) |\n| `ai` | Enable AI-powered analysis | `false` |\n| `verbose` | Enable verbose output | `false` |\n| `upload-sarif` | Upload SARIF to GitHub Security tab | `true` |\n| `show-annotations` | Show GitHub annotations for findings | `true` |\n| `fail-on-findings` | Fail workflow if findings detected | `false` |\n| `version` | RMA version to use | `latest` |\n\n#### Action Outputs\n\n| Output | Description |\n|--------|-------------|\n| `sarif-file` | Path to generated SARIF file |\n| `findings-count` | Number of security findings detected |\n\n#### Manual SARIF Upload\n\n```yaml\n- name: Run RMA Security Scan\n  run: rma scan . --output sarif -f results.sarif\n\n- name: Upload SARIF\n  uses: github/codeql-action/upload-sarif@v3\n  with:\n    sarif_file: results.sarif\n```\n\n## Architecture\n\n```\nrust-monorepo-analyzer/\n├── crates/\n│   ├── common/      # Shared types and utilities\n│   ├── parser/      # Tree-sitter based polyglot parser\n│   ├── analyzer/    # Security and code analysis engine\n│   ├── indexer/     # Tantivy/Sled based indexing\n│   ├── cli/         # Command-line interface\n│   ├── daemon/      # HTTP API server (Axum)\n│   ├── plugins/     # WASM plugin runtime (Wasmtime)\n│   ├── lsp/         # Language Server Protocol\n│   └── ai/          # AI-powered analysis\n```\n\n### Component Overview\n\n| Crate | Purpose |\n|-------|---------|\n| `rma-common` | Core types: Language, Severity, Finding, Config |\n| `rma-parser` | Parallel AST parsing with tree-sitter |\n| `rma-analyzer` | Security rules and metrics computation |\n| `rma-indexer` | Full-text search and incremental updates |\n| `rma-cli` | User-facing CLI binary |\n| `rma-daemon` | Axum-based HTTP API server |\n| `rma-plugins` | Wasmtime-based WASM plugin system |\n| `rma-lsp` | Language Server Protocol implementation |\n| `rma-ai` | AI-powered vulnerability detection |\n\n## Security Rules\n\n### Rust\n- `rust/unsafe-block` - Detects unsafe blocks requiring manual review\n- `rust/unwrap-used` - Detects .unwrap() calls that may panic\n- `rust/panic-used` - Detects panic! macro usage\n\n### JavaScript/TypeScript\n- `js/dynamic-code` - Detects dangerous dynamic code execution\n- `js/innerHTML-xss` - Detects innerHTML usage (XSS risk)\n- `js/hardcoded-secret` - Detects hardcoded credentials\n\n### Python\n- `python/exec-usage` - Detects exec/compile calls\n- `python/shell-injection` - Detects shell=True patterns\n- `python/hardcoded-secret` - Detects hardcoded credentials\n\n### Go\n- `go/unsafe-usage` - Detects unsafe package usage\n- `go/sql-injection` - Detects SQL injection patterns\n\n### Generic (All Languages)\n- `generic/todo-fixme` - Detects TODO/FIXME comments\n- `generic/long-function` - Detects functions over 100 lines\n- `generic/high-complexity` - Detects high cyclomatic complexity\n- `generic/hardcoded-secret` - Detects API keys and passwords\n- `generic/duplicate-function` - Detects copy-pasted functions (10+ lines)\n- `generic/insecure-crypto` - Detects MD5, SHA-1, DES, RC4, ECB usage\n\n## HTTP API (Daemon Mode)\n\nStart the daemon:\n\n```bash\nrma daemon --host 127.0.0.1 --port 9876\n```\n\n### Endpoints\n\n| Method | Endpoint | Description |\n|--------|----------|-------------|\n| GET | `/health` | Health check |\n| POST | `/api/v1/scan` | Scan a directory |\n| POST | `/api/v1/analyze` | Analyze a single file |\n| GET | `/api/v1/search` | Search indexed files |\n| GET | `/api/v1/stats` | Get daemon statistics |\n| POST | `/api/v1/index` | Trigger re-indexing |\n| WS | `/ws/watch` | WebSocket for real-time updates |\n\n### Example Request\n\n```bash\ncurl -X POST http://localhost:9876/api/v1/scan \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"path\": \"/path/to/repo\", \"languages\": [\"rust\", \"python\"]}'\n```\n\n### WebSocket Real-time Updates\n\nConnect to `/ws/watch` for real-time file change notifications and analysis results:\n\n```javascript\nconst ws = new WebSocket('ws://localhost:9876/ws/watch');\n\nws.onmessage = (event) =\u003e {\n  const msg = JSON.parse(event.data);\n  switch (msg.type) {\n    case 'FileChanged':\n      console.log(`File changed: ${msg.data.path}`);\n      break;\n    case 'AnalysisComplete':\n      console.log(`Analysis: ${msg.data.findings.length} findings`);\n      break;\n  }\n};\n\n// Start watching a directory\nws.send(JSON.stringify({ command: 'Watch', data: { path: '/path/to/repo' } }));\n```\n\n## IDE Integrations\n\nRMA provides official integrations for popular editors and IDEs.\n\n### VS Code Extension\n\n```bash\n# Install from VSIX\ncode --install-extension editors/vscode-rma/rma-vscode-*.vsix\n```\n\nFeatures:\n- Real-time diagnostics as you type\n- Problem panel integration\n- Quick fixes and code actions\n- Status bar with finding count\n\n### Neovim Plugin\n\n```lua\n-- Using lazy.nvim\n{\n  dir = \"editors/neovim-rma\",\n  config = function()\n    require(\"rma\").setup({\n      daemon_url = \"http://localhost:9876\",\n      auto_start_daemon = true,\n    })\n  end,\n}\n```\n\n### JetBrains Plugin\n\nInstall from `editors/jetbrains-rma/` - supports IntelliJ IDEA, WebStorm, PyCharm, GoLand, and CLion.\n\n### Web Dashboard\n\nFor browser-based real-time monitoring:\n\n```bash\n# Start the daemon\nrma daemon\n\n# Open the dashboard\nopen editors/web-dashboard/index.html\n```\n\nThe web dashboard connects via WebSocket and shows live analysis results as you edit files.\n\n## Plugin System\n\nRMA supports WASM plugins for custom analysis rules:\n\n```bash\n# List installed plugins\nrma plugin list\n\n# Install a plugin\nrma plugin install ./my-plugin.wasm\n\n# Test a plugin\nrma plugin test my-plugin --file src/main.rs\n\n# Remove a plugin\nrma plugin remove my-plugin\n```\n\n## External Providers\n\nRMA supports optional integration with external static analysis tools for enhanced language-specific coverage.\n\n### PMD for Java\n\n[PMD](https://pmd.github.io/) provides comprehensive Java static analysis with hundreds of rules for security, best practices, and code style.\n\n**Enable PMD:**\n```bash\n# Use PMD alongside RMA's native rules\nrma scan . --providers rma,pmd\n\n# Configure PMD in rma.toml (see Configuration section)\n```\n\n**Requirements:**\n- PMD 6.x or 7.x installed and available in PATH\n- Or specify custom path in `rma.toml`\n\n**PMD Rulesets:**\nRMA uses PMD's security, error-prone, and best practices rulesets by default. You can customize which rulesets to use in the configuration.\n\n### Available Providers\n\n| Provider | Languages | Description |\n|----------|-----------|-------------|\n| `rma` | All | Built-in Rust-native rules (always enabled) |\n| `pmd` | Java | PMD static analysis for Java |\n| `oxlint` | JS/TS | Oxlint for JavaScript/TypeScript |\n| `gosec` | Go | Gosec for Go security analysis |\n\n### Gosec for Go\n\n[Gosec](https://github.com/securego/gosec) is the Go Security Checker that inspects Go source code for security problems.\n\n**Install Gosec:**\n```bash\ngo install github.com/securego/gosec/v2/cmd/gosec@latest\n```\n\n**Enable Gosec:**\n```bash\n# Use gosec alongside RMA's native rules\nrma scan . --providers rma,gosec\n```\n\n**Gosec Rules:**\nGosec detects common Go security issues including:\n- G101-G110: Hardcoded credentials, bind to all interfaces\n- G201-G204: SQL injection, command injection\n- G301-G307: File permissions, file traversal\n- G401-G505: Weak crypto, insecure TLS\n\n## Configuration\n\nInitialize configuration:\n\n```bash\nrma init\n```\n\nThis creates `rma.toml`:\n\n```toml\n# Config format version (required)\nconfig_version = 1\n\n[scan]\ninclude = [\"src/**\", \"lib/**\"]\nexclude = [\"node_modules/**\", \"target/**\", \"dist/**\"]\nmax_file_size = 10485760\n\n[rules]\nenable = [\"*\"]\ndisable = [\"js/console-log\"]\n\n[rulesets]\nsecurity = [\"js/xss-sink\", \"js/timer-string-eval\", \"rust/unsafe-block\"]\nmaintainability = [\"generic/long-function\", \"generic/high-complexity\"]\n\n[profiles]\ndefault = \"balanced\"\n\n[profiles.strict]\nmax_function_lines = 50\nmax_complexity = 10\n\n[allow]\nunsafe_rust_paths = [\"src/ffi/**\"]\n\n[baseline]\nfile = \".rma/baseline.json\"\nmode = \"all\"  # or \"new-only\"\n\n# Optional: External providers configuration\n# [providers]\n# enabled = [\"rma\", \"pmd\"]  # Providers to use\n#\n# [providers.pmd]\n# pmd_path = \"/usr/local/bin/pmd\"  # Path to PMD installation\n# rulesets = [\"category/java/security.xml\", \"category/java/bestpractices.xml\"]\n# timeout_ms = 120000  # 2 minute timeout\n# min_priority = 3  # 1-5, lower is more severe\n```\n\n### Inline Suppression\n\nSuppress specific findings with comments:\n\n```javascript\n// rma-ignore-next-line js/xss-sink reason=\"content is sanitized\"\nelement.textContent = processedContent;\n\n// rma-ignore generic/long-function reason=\"complex algorithm\"\nfunction processData() { /* ... */ }\n```\n\n```python\n# rma-ignore-next-line python/hardcoded-secret reason=\"test fixture\"\nTEST_API_KEY = \"test-key-12345\"\n```\n```\n\n### Environment Variables\n\n| Variable | Description |\n|----------|-------------|\n| `RMA_CONFIG` | Path to config file |\n| `RMA_LOG` | Log level (trace, debug, info, warn, error) |\n| `OPENAI_API_KEY` | API key for AI-powered analysis |\n| `RMA_NO_COLOR` | Disable colored output |\n\n## Shell Completions\n\nGenerate completions for your shell:\n\n```bash\n# Bash\nrma completions bash \u003e ~/.local/share/bash-completion/completions/rma\n\n# Zsh\nrma completions zsh \u003e ~/.zfunc/_rma\n\n# Fish\nrma completions fish \u003e ~/.config/fish/completions/rma.fish\n\n# PowerShell\nrma completions powershell \u003e $PROFILE.CurrentUserAllHosts\n```\n\n## Development\n\n```bash\n# Build all crates\nmake build\n\n# Run tests\nmake test\n\n# Run lints\nmake lint\n\n# Format code\nmake fmt\n\n# Full CI check\nmake ci\n\n# Scan RMA's own codebase\nmake self-scan\n\n# Build documentation\nmake docs\n```\n\n## Benchmarks\n\n```bash\n# Run benchmarks\nmake bench\n\n# Compare with Semgrep\nhyperfine 'rma scan /path/to/repo' 'semgrep --config auto /path/to/repo'\n```\n\n## Roadmap\n\n- [x] Multi-language tree-sitter parsing\n- [x] Parallel analysis with rayon\n- [x] SARIF output for CI/CD\n- [x] Watch mode with interactive controls\n- [x] HTTP API daemon with WebSocket support\n- [x] WASM plugin system\n- [x] AI-powered analysis\n- [x] One-command installation\n- [x] GitHub Actions integration\n- [x] VS Code extension\n- [x] Neovim plugin\n- [x] JetBrains plugin\n- [x] Web Dashboard\n- [x] Doctor command\n- [x] Duplicate function detection\n- [ ] LSP integration\n- [ ] Cloud SaaS deployment\n\n## License\n\nLicensed under either of:\n- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE))\n- MIT License ([LICENSE-MIT](LICENSE-MIT))\n\nat your option.\n\n## Contributing\n\nContributions welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) first.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbumahkib7%2Frust-monorepo-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbumahkib7%2Frust-monorepo-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbumahkib7%2Frust-monorepo-analyzer/lists"}