Class DefaultSecurityTaxonomy
This class exposes a human-readable taxonomy definition that is supplied to the AI suggestion engine when no external taxonomy file is configured and AiOptions.TaxonomyMode.DEFAULT is selected. The taxonomy defines the controlled vocabulary, decision rules, and naming conventions used when classifying security-relevant tests.
Purpose
The taxonomy is designed to improve classification consistency by providing the AI provider with a stable and explicit specification of:
- what constitutes a security-relevant test
- which security category tags are allowed
- how tags should be selected
- how security-oriented display names should be formed
The default taxonomy favors readability and professional descriptive clarity. For a more compact taxonomy tuned specifically for model reliability, see OptimizedSecurityTaxonomy.
This class is a non-instantiable utility holder.
Method Summary
- text(): returns the default built-in taxonomy text used for AI classification.
Method Details
text()
Returns the default built-in taxonomy text used for AI classification. The returned text is intended to be embedded directly into provider prompts and therefore contains both conceptual guidance and operational classification rules. It defines:
- scope of security-relevant tests
- mandatory and optional tagging rules
- allowed taxonomy categories
- guidance for class-level versus method-level tagging
- display name conventions
- AI-oriented decision instructions
The taxonomy includes the following category tags: auth, access-control, crypto, input-validation, injection, data-protection, logging, error-handling, and owasp.
The returned value is immutable text and may safely be reused across multiple AI requests.
- Returns:
- default taxonomy text used to instruct AI classification
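Added example, not code from the project: the text returned by text() is what goes into the provider prompt, and the provider's reply is untrusted model output, so the tags it proposes should be checked against the nine category tags listed above before they are applied to a test. The class name TaxonomyTagValidator, its Result record, and the sample model reply are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical helper, not part of the project): keeps only tags
// that belong to the controlled vocabulary of DefaultSecurityTaxonomy and reports
// everything else instead of silently applying it.
public final class TaxonomyTagValidator {

    // The nine category tags the default taxonomy defines.
    static final Set<String> ALLOWED_TAGS = Set.of(
        "auth", "access-control", "crypto", "input-validation", "injection",
        "data-protection", "logging", "error-handling", "owasp");

    private TaxonomyTagValidator() {}

    /** Accepted tags in first-seen order, plus the raw values that were rejected. */
    public record Result(List<String> accepted, List<String> rejected) {}

    /**
     * Normalizes each suggested tag (trim, lowercase) and accepts it only if it is
     * in the taxonomy. Duplicates are dropped; unknown values are rejected so the
     * caller can log them rather than invent a new category on the model's say-so.
     */
    public static Result validate(List<String> suggested) {
        List<String> accepted = new ArrayList<>();
        List<String> rejected = new ArrayList<>();
        for (String raw : suggested) {
            String tag = raw == null ? "" : raw.trim().toLowerCase(Locale.ROOT);
            if (!ALLOWED_TAGS.contains(tag)) {
                rejected.add(raw);
            } else if (!accepted.contains(tag)) {
                accepted.add(tag);
            }
        }
        return new Result(List.copyOf(accepted), List.copyOf(rejected));
    }

    public static void main(String[] args) {
        // Constructed sample reply: mixed case, stray whitespace, one duplicate and
        // one value ("authentication") that is not in the taxonomy.
        List<String> fromModel =
            List.of("Injection", "auth ", "authentication", "crypto", "injection");
        Result r = validate(fromModel);
        System.out.println("accepted=" + r.accepted() + " rejected=" + r.rejected());
    }
}
```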