tartufo
Output reasons for exclusions in verbose mode
Feature Request
@jwilhelm-godaddy As discussed.
Is your feature request related to a problem? Please describe.
If I have a repository that contains a tartufo.toml such as below:

```toml
[tool.tartufo]
exclude-path-patterns = [
    {path-pattern = 'yarn.lock', reason = 'auto generated, contains shas'},
    {path-pattern = '.yalc/', reason = 'auto generated linked deps, contains shas'}
]
exclude-signatures = [
    {signature = 'abc123', reason = 'Represents some fake data for testing purposes'},
    {signature = 'foobar', reason = 'Represents some fake data for testing purposes'}
]
```
When I run the following command:

```shell
docker run --rm -v "$(pwd):/git" godaddy/tartufo --config /git/tartufo.toml -v scan-local-repo /git > tartufo-output.txt
```

I get an output of:

```text
Time: 2022-03-29T07:55:16.397387
All clear. No secrets detected.
Excluded paths:
re.compile('yarn.lock')
re.compile('.yalc/')
Excluded signatures:
f44745a1b05ed928e9a19fb2875411334
67b69634f9880a282c14a0f0cb7ba20cf5d677e9
Excluded entropy patterns:
```

This does not include the reasons I have entered in my tartufo.toml.
Describe the solution you'd like
I would like the output of the tartufo scan to include the reasons I have added to my tartufo.toml; for example, something like the below would be useful:

```text
Time: 2022-03-29T07:55:16.397387
All clear. No secrets detected.
Excluded paths:
re.compile('yarn.lock') - auto generated, contains shas
re.compile('.yalc/') - auto generated linked deps, contains shas
Excluded signatures:
f44745a1b05ed928e9a19fb2875411334 - Represents some fake data for testing purposes
67b69634f9880a282c14a0f0cb7ba20cf5d677e9 - Represents some fake data for testing purposes
Excluded entropy patterns:
```
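To show what the proposed listing would look like when driven by the config, here is an added example (not tartufo's own code) that mirrors the `[tool.tartufo]` table above as a constructed dict, renders the exclusions with their reasons, tolerates entries that carry no `reason`, and answers "why would this path be excluded?" by matching it against the compiled patterns. Reading the TOML file and the exact filter semantics of tartufo are assumptions here.

```python
import re

# Constructed mirror of the [tool.tartufo] table from the issue's tartufo.toml;
# a dict is used instead of reading the file so the example runs offline.
CONFIG = {
    "exclude-path-patterns": [
        {"path-pattern": "yarn.lock", "reason": "auto generated, contains shas"},
        {"path-pattern": ".yalc/", "reason": "auto generated linked deps, contains shas"},
    ],
    "exclude-signatures": [
        {"signature": "abc123", "reason": "Represents some fake data for testing purposes"},
        {"signature": "foobar"},  # constructed: an entry whose reason was omitted
    ],
}

NO_REASON = "(no reason given)"


def load_path_exclusions(config):
    """Compile each path pattern as a regex (as the re.compile() output suggests) and keep its reason."""
    return [(re.compile(item["path-pattern"]), item.get("reason") or NO_REASON)
            for item in config.get("exclude-path-patterns", [])]


def load_signature_exclusions(config):
    """Pair each excluded signature with its reason, or a placeholder when none was given."""
    return [(item["signature"], item.get("reason") or NO_REASON)
            for item in config.get("exclude-signatures", [])]


def render_verbose(config):
    """Produce the 'Excluded ...' section in the shape the issue proposes."""
    lines = ["Excluded paths:"]
    lines += [f"{pattern!r} - {reason}" for pattern, reason in load_path_exclusions(config)]
    lines.append("Excluded signatures:")
    lines += [f"{sig} - {reason}" for sig, reason in load_signature_exclusions(config)]
    return "\n".join(lines)


def explain_path(config, path):
    """Return the reason the first matching pattern gives for excluding `path`, or None.

    Patterns are regexes, so the unescaped '.' in '.yalc/' matches any character,
    which is exactly the kind of thing a recorded reason helps a reviewer spot.
    """
    for pattern, reason in load_path_exclusions(config):
        if pattern.search(path):
            return reason
    return None
```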
Describe alternatives you've considered
The alternative is to not output the reasons for the exclusions, but given that we already output the exclusions, it seems a little counterintuitive not to output the reasons why they are excluded as well.
Teachability, Documentation, Adoption, Migration Strategy
The `-v` option doesn't have much documentation around it, so this may be a good time to add examples of what the verbose output looks like and how it can help users.