-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathgitguardian.yaml
More file actions
58 lines (50 loc) · 1011 Bytes
/
gitguardian.yaml
File metadata and controls
58 lines (50 loc) · 1011 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
version: 2
# Paths GitGuardian should scan
paths:
include:
- semgrep/
- rules/
- .semgrep/
- semgrep-rules/
- src/
- scripts/
- "*.yaml"
- "*.yml"
exclude:
# Common noisy dirs
- node_modules/
- vendor/
- tests/generated/
- .git/
- dist/
- build/
# Semgrep test cases often intentionally include "secrets"
- tests/
- test/
- semgrep-tests/
- __snapshots__/
# Sensitivity / High-noise filtering
matches:
ignore_known_secrets: true # Don’t re-flag same secret multiple times
ignore_policy_break: false # Enforce failures in CI if needed
ignore_non_production_files: false
# Optional: Override detectors (rarely needed)
detectors:
enabled: []
disabled: []
# CI behaviour
ci:
exit_code:
no_secrets: 0
secrets_found: 1
error: 2
output:
format: sarif
file: ggshield.sarif
# Quota settings
scan_mode:
precommit: true
prepush: true
cicd: true
# Display settings
verbosity: INFO