Option to skip or ignore files and folders while scanning for vulnerabilities
Ignore certain files and folders while scanning for vulnerabilities from a path or location of the project, such as test files and documentation.
Enhancement looking forward: option to skip or ignore one or more files and folders from the project while scanning for vulnerabilities.
Reference URL: https://github.com/Kong/kong
When we try to scan the above-mentioned repository, most of the vulnerabilities were detected in the documents and test files, due to which the repository failed.
You should be able to use osv-scanner.toml files for most of this - if you create a config file with the following, the scanner will completely ignore the directory:

```toml
# osv-scanner.toml placed in the directory to be ignored
[[PackageOverrides]]
ignore = true
```
That will also be respected by tools like scorecard, and what we use ourselves for this same situation.
What that doesn't let you do is ignore specific files, so e.g. if you have a directory with multiple files and you only want one of them ignored, that's not possible, but I don't feel like that is a good idea to begin with...?
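As an added illustration (not part of the thread above, nor osv-scanner's own documentation), this is how the per-directory approach looks for a layout like the one the reporter describes: a `docs/` and a `test/` directory each get their own `osv-scanner.toml` that ignores everything beneath them, while the project root keeps a narrower override for a single dependency so that real findings still fail the scan. The `reason` and `effectiveUntil` keys, and the package name and version, are assumptions used for illustration and should be checked against the osv-scanner configuration reference for the version in use.

```toml
# docs/osv-scanner.toml (assumed layout): ignore every finding under docs/
[[PackageOverrides]]
ignore = true
reason = "Documentation examples; nothing here ships to production"

# test/osv-scanner.toml (assumed layout): ignore every finding under test/
[[PackageOverrides]]
ignore = true
reason = "Test fixtures only; manifests are intentionally outdated"

# osv-scanner.toml at the repository root: do NOT blanket-ignore.
# Override a single package (placeholder name/version) and give the
# suppression an expiry so it is revisited rather than forgotten.
[[PackageOverrides]]
name = "example-dev-tool"   # placeholder, not a real package
version = "1.2.3"           # placeholder version
ecosystem = "npm"
ignore = true
reason = "Dev-only tooling; not reachable from the shipped service"
effectiveUntil = 2025-01-31  # assumed key: re-evaluate after this date
```

The directory-level files give the behaviour the maintainer describes (the whole directory is skipped), while the root file shows the narrower, package-scoped form that keeps the rest of the repository under scrutiny.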