Option to skip or ignore files and folders while scanning for vulnerabilities
Is your feature request related to a problem? Please describe.
Ignore certain files and folders while scanning for vulnerabilities from a path or location of the project, such as test files and documentation.

Describe the solution you'd like
Option to skip or ignore one or more files and folders from the project while scanning for vulnerabilities.
Reference URL: https://github.com/Kong/kong
When we try to scan the above-mentioned repository, most of the vulnerabilities were detected in the documents and test files, due to which the repository failed the vulnerabilities criteria with a low score.
Our usage of osv-scanner for vulnerability scanning does respect their configuration practices: https://google.github.io/osv-scanner/configuration/
So, in /path/to/dir/osv-scanner.toml:
# ignore everything in the current directory
[[PackageOverrides]]
ignore = true
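
One way to apply the configuration from the reply above to test and documentation trees, as an added example that is not part of the original thread or of either project. The function name `write_ignore_configs`, the manifest list and the directory arguments are hypothetical, and it assumes the scanner reads the `osv-scanner.toml` sitting in the same directory as each manifest it scans.

```shell
#!/bin/sh
# Added example: drop the ignore-all override next to every dependency
# manifest found under the chosen subtrees (for example tests and docs).
# Assumption: the scanner applies the osv-scanner.toml located in the
# same directory as the manifest being scanned.

# Manifest file names to look for (constructed list; extend as needed).
MANIFESTS="package-lock.json yarn.lock requirements.txt go.mod Gemfile.lock Cargo.lock pom.xml"

# write_ignore_configs ROOT SUBDIR...
# Prints one line per config file created. Existing configs are left
# untouched so hand-written overrides are never clobbered.
write_ignore_configs() {
    root=$1
    shift
    for sub in "$@"; do
        # Skip subtrees that do not exist in this checkout.
        [ -d "$root/$sub" ] || continue
        for name in $MANIFESTS; do
            find "$root/$sub" -type f -name "$name" ! -path '*/.git/*'
        done
    done | while IFS= read -r manifest; do
        cfg="$(dirname "$manifest")/osv-scanner.toml"
        # Two manifests in one directory share a single config.
        [ -e "$cfg" ] && continue
        printf '%s\n' \
            '# ignore everything in the current directory' \
            '[[PackageOverrides]]' \
            'ignore = true' > "$cfg"
        echo "$cfg"
    done
}
```

The override silences every finding for the manifests in those directories, so pass only subtrees whose dependencies are never shipped or deployed, and review the printed list before committing the generated files.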