Overview

ESLint is a pluggable static analyzer for JavaScript and TypeScript. Zenable generates an ESLint configuration that enables and configures the rules needed to enforce a requirement, drawing on core rules, plugin rules, and, for bespoke patterns, no-restricted-syntax selectors and no-restricted-imports paths and patterns.

Capabilities

  • Static analysis of JavaScript and TypeScript without running the code
  • Enforces code-quality, style, and security rules via core and plugin rules
  • Bans specific syntax, APIs, or imports with actionable messages
  • Configurable severity per rule (off / warn / error)

Limitations

  • JavaScript and TypeScript only — check out Semgrep or CodeQL for other languages
  • Single-file analysis — check out CodeQL for cross-file data-flow analysis
  • Not applicable to infrastructure or config files — check out Checkov or Conftest
  • Does not test runtime state — check out InSpec or Goss

Generated Format

  • Language: JSON
  • Structure: An ESLint configuration object with a rules map (and plugins when plugin rules are used)
  • Execution: eslint --config <config>.json --format json <source>

Example Guardrail

{
  "rules": {
    "no-restricted-syntax": [
      "error",
      {
        "selector": "CallExpression[callee.name='eval']",
        "message": "eval() is forbidden; it enables code injection."
      }
    ],
    "eqeqeq": "error"
  }
}
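
The selector in the guardrail above matches only calls whose callee is the bare identifier eval, so a member call such as window.eval(...) or a string passed to setTimeout or the Function constructor is not reported by it. A broader variant, as an added example that is not Zenable-generated output, combines two extra selectors with the ESLint core rules no-eval, no-implied-eval and no-new-func:

```json
{
  "rules": {
    "no-eval": "error",
    "no-implied-eval": "error",
    "no-new-func": "error",
    "no-restricted-syntax": [
      "error",
      {
        "selector": "CallExpression[callee.name='eval']",
        "message": "eval() is forbidden; it enables code injection."
      },
      {
        "selector": "CallExpression[callee.type='MemberExpression'][callee.property.name='eval']",
        "message": "Calling eval as a member (for example window.eval) is forbidden; it enables code injection."
      },
      {
        "selector": "CallExpression[callee.type='MemberExpression'][callee.property.value='eval']",
        "message": "Calling eval through a computed member (for example window['eval']) is forbidden; it enables code injection."
      }
    ],
    "eqeqeq": "error"
  }
}
```

AST selectors match syntax only, so a call through a variable that was assigned eval is not matched by any of the selectors.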

Learn more at the ESLint documentation and the rules reference.