GitGuardian · agateau-gg · Dec 3, 2024 · Nov 29, 2024
@@ -0,0 +1,41 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+-->
+
+<!--
+### Removed
+
+- A bullet item for the Removed category.
+
+-->
+<!--
+### Added
+
+- A bullet item for the Added category.
+
+-->
+
+### Changed
+
+- When scanning commits, ggshield will ignore by default secrets which are removed or contextual to the patch.
+
+<!--
+### Deprecated
+
+- A bullet item for the Deprecated category.
+
+-->
+<!--
+### Fixed
+
+- A bullet item for the Fixed category.
+
+-->
+<!--
+### Security
+
+- A bullet item for the Security category.
+
+-->
@@ -28,6 +28,7 @@ class IgnoreReason(Enum):
     IGNORED_MATCH = "ignored_match"
     IGNORED_DETECTOR = "ignored_detector"
     KNOWN_SECRET = "known_secret"
+    NOT_INTRODUCED = "not_introduced"
 
 
 class Result:

@@ -7,7 +7,13 @@
 from typing import Dict, Iterable, List, Optional, Union
 
 from pygitguardian import GGClient
-from pygitguardian.models import APITokensResponse, Detail, MultiScanResult, TokenScope
+from pygitguardian.models import (
+    APITokensResponse,
+    Detail,
+    DiffKind,
+    MultiScanResult,
+    TokenScope,
+)
 
 from ggshield.core import ui
 from ggshield.core.cache import Cache
@@ -220,6 +226,11 @@ def _collect_results(
                 )
                 if not scan_result.has_policy_breaks:
                     continue
+                result.apply_ignore_function(
+                    IgnoreReason.NOT_INTRODUCED,
+                    lambda policy_break: policy_break.diff_kind
+                    in {DiffKind.DELETION, DiffKind.CONTEXT},
+                )
                 result.apply_ignore_function(
                     IgnoreReason.IGNORED_MATCH,
                     lambda policy_break: is_in_ignored_matches(