earlybird icon indicating copy to clipboard operation
earlybird copied to clipboard

Published 20 hours ago verified publisher icon americanexpress

Ignore false positive string

Open Cr0n1c opened this issue 2 years ago • 1 comments

I see that we have a way of ignoring a file. Can we introduce a way to ignore a string as well?

example: in my .env.example I have placeholders

my_secret=ThisIsASecretToReplace

I want them to see this in the first run and then add "ThisIsASecretToReplace" to an exception list. By doing this, it still forces them to think about the data they are putting in .env.example and will always require the initial review of the finding. Currently I have to ignore the file .env.example altogether which means if someone actually puts a secret in there that is valid then no one will be monitoring (outside of the PR review).

Cr0n1c avatar Jun 06 '22 14:06 Cr0n1c

you can add a custom false-positive to ignore the specific finding you want . This might help -> https://github.com/americanexpress/earlybird/blob/main/docs/FALSEPOSITIVES.md

grinish21 avatar Jun 06 '22 18:06 grinish21

No response from user

grinish21 avatar Feb 13 '23 18:02 grinish21