scopeconfig doesn't seem to ignore package-lock.json #360
Comments
Talisman does not use the .talismanrc in the scan mode. It is used for the pre-hook mode. This is mentioned here: "Talisman currently does not support ignoring of files for scanning".
Not sure if that's accurate. I'm running the following command: ./talisman_linux_amd64 --scan with contents of .talismanrc as follows. It's picking the custom patterns correctly but not the scopeconfig.
scopeconfig:
@varaamo : Scan with ignores was a special build created a long time ago for your usage.
@svishwanath-tw: Is there a way you can build me a version of a scan with scopeconfig and custom_patterns? We are using a pre-receive secrets scanning hook that I built at my workplace using the version of talisman cli you'd provided me earlier. Currently there is a need to ignore package-lock.json and other manifest files from the scans due to the false positives. Much appreciated if you can help.
@varaamo : I'm closing this issue now. Please consider open-sourcing the pre-receive script. I think others would find it useful.
Adding the following lines to .talismanrc doesn't seem to ignore the package-lock.json file. I added these lines and ran talisman --scan and it still reports the integrity fields as potential issues.
scopeconfig: