exclude-entropy-patterns ignored

[yhan1-godaddy]

🐛 Bug Report

I copied the example in doc: https://tartufo.readthedocs.io/en/stable/configuration.html#entropy-exclusion-patterns
But it seems tartufo (3.0.0) is not picking this config up.
[tool.tartufo] repo-path = "." json = true regex = true exclude-path-patterns = [ { path-pattern = 'tartufo.toml', reason = 'ignore any excluded signatures' }, { path-pattern = '(.*/)?package-lock.json', reason = 'ignore any package hashes' }, { path-pattern = 'CHANGELOG.md', reason = 'ignore changelog' }, { path-pattern = '(.*)/(.*).svg', reason = 'ignore SVG' } ] exclude-entropy-patterns = [ {path-pattern = 'docs/.*\.md$', pattern = '^[a-zA-Z0-9]$', reason = 'exclude all git SHAs in the docs'}, {path-pattern = '\.github/workflows/.*\.yml', pattern = 'uses: .*@[a-zA-Z0-9]{40}', reason = 'GitHub Actions'} ]

Here is the output from running tartufo
{"scan_time": "2022-03-08T15:18:57.931571", "project_path": "...", "output_dir": null, "excluded_paths": ["CHANGELOG.md", "(.*)/(.*).svg", "tartufo.toml", "(.*/)?package-lock.json"], "excluded_signatures": [], "exclude_entropy_patterns": [], "found_issues": [{"file_path":

To Reproduce

1. Add exclude-entropy-patterns section to tartufo.toml in repo
2. Run tartufo on repo: tartufo -of json scan-local-repo /some-git-repo

Expected Behavior

It should use exclude-entropy-patterns defined in tartufo.toml.

Code Example

Environment

[smimani-godaddy]

This is fixed by #344 . Steps to test:

• Remove this line from pyproject.toml in local dev-environment in the Tartufo Repo

{path-pattern = '\.github/workflows/(.*)\.yml', reason = 'Excluding workflow files \.github/workflows/(.*)\.yml from being scanned'},

• Add this

exclude-entropy-patterns = [
    {path-pattern = '\.github/workflows/.*\.yml', pattern = 'uses: .*@[a-zA-Z0-9]{40}', reason = 'GitHub Actions'}
]

• Run scan using code in the main branch

(tartufo-97X9GmiJ-py3.7) smimani@Sushant's MacBook Pro:~/GoDaddy/tartufo(main⚡) » tartufo scan-local-repo .                                                                                                                        1 ↵
Time: 2022-04-01T16:07:27.189731
All clear. No secrets detected.

[tarkatronic]

This is fixed by #344 . Steps to test:

• Remove this line from pyproject.toml in local dev-environment in the Tartufo Repo

{path-pattern = '\.github/workflows/(.*)\.yml', reason = 'Excluding workflow files \.github/workflows/(.*)\.yml from being scanned'},

• Add this

exclude-entropy-patterns = [
    {path-pattern = '\.github/workflows/.*\.yml', pattern = 'uses: .*@[a-zA-Z0-9]{40}', reason = 'GitHub Actions'}
]

• Run scan using code in the main branch

(tartufo-97X9GmiJ-py3.7) smimani@Sushant's MacBook Pro:~/GoDaddy/tartufo(main⚡) » tartufo scan-local-repo .                                                                                                                        1 ↵
Time: 2022-04-01T16:07:27.189731
All clear. No secrets detected.

This is great, thank you for testing that out @smimani-godaddy!! With that, I will close this ticket and get a new bugfix release out! 🎉