Create configs in Talisman tool to maintain a list of files/file patterns, categorised by tech scope. For example, Golang scope contains pkg, lock files etc.
Add capability to .talismanrc to accept 'scope to ignore' from users. For example, they can define scope: Golang, bash, Java.
Based on the scope selected, Talisman will ignore the file patterns defined in the tool's config. The rest of the files will be scanned in the same way as they are today.
This way, we permanently ignore the files that are expected to contain values that would otherwise fail Talisman validations (such as binary, hex-encoded, high Shannon entropy, etc.) but can be considered harmless since they wouldn't be a place where users can accidentally let secrets out.
- go.mod and go.sum for golang with GO111MODULE=on
- Godeps/Godeps.json and vendor for godeps users
- Gopkg.toml, Gopkg.lock, and vendor/ for dep users
- glide.yaml, glide.lock and `vendor/` for glide users
Can you suggest an initial list of configs to start with?
@vhasus @aaquibzama-tw @mabaritw @rrajagop @subhrajitroy @jaydeepc and @ our other friends of Talisman
Thanks!
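A sketch of the scope lookup proposed in this issue, added here as an example and not taken from Talisman's code: the `scopePatterns` table and the function names are hypothetical, and the Golang entries come from the file list suggested above. Patterns are compared on whole path segments so that a scope cannot silently exempt look-alike files such as `go.sum.bak`.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Hypothetical built-in table, not Talisman's actual config. Entries ending
// in "/" name a directory at any depth; other entries name a file exactly.
var scopePatterns = map[string][]string{
	"golang": {"go.mod", "go.sum", "Godeps/Godeps.json", "Gopkg.toml",
		"Gopkg.lock", "glide.yaml", "glide.lock", "vendor/"},
}

// matches compares whole path segments, so "go.sum.bak" or "vendor.go"
// are not swept up by the "go.sum" and "vendor/" entries.
func matches(file, p string) bool {
	if strings.HasSuffix(p, "/") { // directory entry
		return strings.HasPrefix(file, p) || strings.Contains(file, "/"+p)
	}
	return file == p || strings.HasSuffix(file, "/"+p) // file entry
}

// ignoredByScope reports whether file falls under one of the selected scopes.
// An unknown scope name returns an error and the file is not ignored.
func ignoredByScope(file string, scopes []string) (bool, error) {
	clean := path.Clean(strings.ReplaceAll(file, "\\", "/"))
	for _, s := range scopes {
		pats, ok := scopePatterns[strings.ToLower(strings.TrimSpace(s))]
		if !ok {
			return false, fmt.Errorf("unknown scope %q", s)
		}
		for _, p := range pats {
			if matches(clean, p) {
				return true, nil
			}
		}
	}
	return false, nil
}

func main() {
	for _, f := range []string{"go.sum", "svc/vendor/x/y.go", "conf/go.sum.bak"} { // constructed paths
		skip, err := ignoredByScope(f, []string{"Golang"})
		fmt.Println(f, skip, err)
	}
}
```

Files that return `false` here, or any file checked against an unrecognised scope, would go through the normal scan.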