From a9123135db3c2122e274aa77d9c509fb5647568d Mon Sep 17 00:00:00 2001
From: Scott Luu
Date: Wed, 12 Nov 2025 09:33:20 -0500
Subject: [PATCH] BST-17875: add forbidden component rule for sci-sca scanner
Signed-off-by: Scott Luu
---
 .../boostsecurityio/sci-sca/rules.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/server-side-scanners/boostsecurityio/sci-sca/rules.yaml b/server-side-scanners/boostsecurityio/sci-sca/rules.yaml
index 1e247bd7..995bd0e3 100644
--- a/server-side-scanners/boostsecurityio/sci-sca/rules.yaml
+++ b/server-side-scanners/boostsecurityio/sci-sca/rules.yaml
@@ -16,3 +16,14 @@ rules:
 pretty_name: Use of Unsafe AI model
 ref: https://huggingface.co/docs/hub/en/security-pickle
 recommended: true
+ forbidden-component:
+ categories:
+ - ALL
+ - boost-baseline
+ - use-of-forbidden-component
+ description: Project with Unauthorized Component
+ name: forbidden-component
+ group: component-violations
+ pretty_name: Project with Unauthorized Component
+ ref: https://docs.boostsecurity.io/rules/index.html
+ recommended: true
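Review bot: The new `forbidden-component` entry gives triagers nothing beyond its title, because `description` repeats `pretty_name` word for word. Both say "Unauthorized" while the rule name and the `use-of-forbidden-component` category say "forbidden"; a deny-list match and a component missing from an allow-list are different findings, so the wording should pick one. If the scanner matches against a policy deny-list (not visible in this hunk), something like `description: Project depends on a component that organization policy forbids` would be clearer. The `ref` points at the generic `rules/index.html` page, whereas the preceding rule links to a rule-specific reference; a link to this rule's own documentation would help, since the entry is `recommended: true` and in `boost-baseline`. The enclosing `rules:` mapping starts above the hunk, so sibling entries were not checked for the same pattern.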