Spectral Query Language

We worked hard to create a platform where we can release new detectors for seamlessly, as well as accept custom detectors that you build.

For that, we built SPEQL. Our own proprietary query language that helps you build your own detectors. Most of your detector authoring needs can be covered by Spectral's Hierarchical matching engine (SPHIER).

Here's an example detector, save it to a file ending with .speql.yaml:

.spectral/rules/merchants.speql.yaml
RL001:
name: Merchant IDs
or:
- pattern: MERK_.*
- pattern: MAR_FINDER.*
and:
- pattern: FOOBAR

Spectral will pick up its configuration folder .spectral and realize that there are rules that you've built in .spectral/rules. It will then parse and compile your new detector.

Your new detector will be used immediately in new scans.

🦸‍♀️
Where should I put my custom detectors?
We recommend to check-in your custom rules and custom configuration directly to your repo. In cases where you want to manage those centrally, you can use a Git submodule.