Conversation
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
There was a problem hiding this comment.
Pull request overview
Adds a new blog post announcing and explaining CRSLang as a next-generation, YAML-based rule language for OWASP CRS, including motivation, examples, and migration guidance.
Changes:
- Introduces a new long-form blog post describing CRSLang and the rationale for moving beyond Seclang
- Includes multiple illustrative Seclang vs CRSLang examples, plus discussion of features (templates, logical expressions, translation)
- Adds links and calls-to-action for readers to learn more and join discussions
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
content/blog/2026-01-22-introducing-crslang-the-next-generation-rule-language.md
Outdated
Show resolved
Hide resolved
content/blog/2026-01-22-introducing-crslang-the-next-generation-rule-language.md
Outdated
Show resolved
Hide resolved
content/blog/2026-01-22-introducing-crslang-the-next-generation-rule-language.md
Outdated
Show resolved
Hide resolved
Deploying website with
|
| Latest commit: |
364a15a
|
| Status: | 🚫 Deploy failed. |
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
fzipi
force-pushed
the
feat/add-blogpost-crslang
branch
from
9628510 to
443929f
Compare
|
|
||
| CRSLang introduces reusable rule components, making it easier to maintain consistent patterns across your rule set. You can also define common patterns and use them with different variables: | ||
|
|
||
| ``` |
There was a problem hiding this comment.
This example uses native YAML. While that's certainly a case of reuse, it's a feature of YAML, not CRSLang. The example should rather use the "global" or "scoped" "common definitions" (not sure if we defined a term for those files).
| - Validation and testing frameworks | ||
| - IDE integration capabilities (syntax highlighting, validation, debugging) | ||
|
|
||
| ## The Technology |
There was a problem hiding this comment.
This section is very repetitive of the one before.
content/blog/2026-01-22-introducing-crslang-the-next-generation-rule-language.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
I think we need to make it more clear that we don't see CRSLang necessarily as a language that engines will parse but a language for rule writers. We should highlight our vision that the tooling will provide the following functions:
- transform rules into different engine formats (transformers take into account engine quirks)
- engine specific output can be filtered, e.g., by tag, platform to produce minimal / application specific rule sets
- engine specific output can be augmented with additional information, e.g., tags, comments, etc.
…n-rule-language.md Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com>
what