Ignore multiple files Scan

[rafaelsilvaa10]

Hello, I nedd to help in my scan.

In my scan it is accusing two vulnerabilities found:

    "public/index.html": [
      {
        "hashed_secret": "f17c42f8asdsada2asdax15bdd019",
        "is_verified": false,
        "line_number": 9,
        "type": "Secret File"
      }
    ]
  },

package-lock.json
      {
        "hashed_secret": "15ce09b2617a543436a322cdc2a4acfacc442b39",
        "is_verified": false,
        "line_number": 8562,
        "type": "Base64 High Entropy String"
      },

How can I do to ignore these two files, because they are false positives ?

I can ignore 1 file, however two files did not work.

I tried to run passing the exclude files.

detect-secrets scan . --exclude-files='public/index.html, package-lock.json'

Has anyone managed to make multiple files work?
thank you so much

[domanchi]

@rafaelsilvaa10, the --exclude-files flag requires a regex. See its documentation for more details. You can also use https://regexr.com/ to ensure that your constructed regex meets your requirements.

From your invocation command, it looks like the files aren't matching the regex you specified.