Supported Technologies
diffray provides 1,300+ built-in rules across languages, frameworks, and infrastructure tools. Rules are automatically applied based on what files changed in your PR.
Languages
TypeScript
JavaScript
Python
C#
Java
Go
Ruby
Kotlin
Rust
Swift
PHP
Dart
Scala
C/C++
Shell/BashFrontend Frameworks
React
Next.js
Vue.js
Angular
Svelte
CSSBackend Frameworks
Node.js
NestJS
Express
Django
FastAPI
Flask
Spring
Rails
ASP.NET CoreInfrastructure & DevOps
Docker
Kubernetes
Terraform
GitHub ActionsData & APIs
GraphQL
Protobuf/gRPCTesting
Jest
Mocha
VitestBlockchain
SolidityCMS
WordPressCompliance & Security Standards
diffray includes dedicated compliance rules to help meet regulatory requirements:
| Framework | Coverage |
|---|---|
| SOC 2 | TLS/HSTS, encryption at rest, RBAC, secrets rotation, PII masking, session management, MFA, JIT access, data export controls |
| HIPAA | ePHI encryption, audit logging, minimum necessary access, BAA validation, PHI in URLs/logs |
| GDPR | Consent tracking, data retention, right to deletion, cross-border transfer, privacy by design |
| LGPD | Brazilian privacy requirements, consent management, data subject rights, DPO notification |
| PCI-DSS | CHD/PAN handling, TLS 1.2+, tokenization, secure key management, cardholder data exposure |
| OWASP Top 10 | Injection, XSS, CSRF, authentication, access control, security misconfigs, vulnerable components |
| OWASP LLM Top 10 | Prompt injection, data leakage, excessive agency, model denial of service |
Custom Rules
Don't see a check you need? Add project-specific rules for your team's patterns:
# .diffray/rules/team-standards.yaml
rules:
- id: use_internal_logger
agent: quality
title: "Use internal logger"
tags: [logging, conventions]
match:
file_glob: ["src/**/*.ts"]
checklist:
- "Find console.log calls"
- "Suggest using logger from @/lib/logger"
Don't see your technology? That doesn't mean diffray can't review it — it just may not know some specific patterns or best practices for that stack. We're constantly expanding coverage. Let us know what you'd like to see supported!