
secretlint documentation bug re: no .secretlintignore file

Open KlfJoat opened this issue 1 year ago • 1 comments

Describe the bug

I was wondering about the behavior of secretlint and looked at #2992. It led me to see that there is a difference between implementation and documentation.

The documentation at https://megalinter.io/latest/descriptors/repository_secretlint/ says:

See How to ignore files and directories with secretlint
If custom .secretlintignore ignore file is not found, .secretlintignore will be used

Expected behavior

To me, this implies that if I do not configure a .secretlintignore file, then a default one will be generated on the fly with the same contents as at that link, then the file will be discarded.

Actual behavior

However, the actual code shows that if a custom .secretlintignore file is not found, then .gitignore will be used, not a default.

Desired outcome

Update the documentation to match the implementation.

KlfJoat avatar Jan 25 '24 19:01 KlfJoat

Default .secretlintignore that is shipped with MegaLinter image is not .gitignore but a default file containing megalinter-reports :)

https://github.com/oxsecurity/megalinter/blob/main/TEMPLATES/.secretlintignore

nvuillam avatar Jan 27 '24 17:01 nvuillam

@nvuillam As far as I got the description above and the code, the issue is that when I have no .secretlintignore locally, it will not use the default .secretlintignore shipped with the MegaLinter image/from the TEMPLATES dir but tries to use a local .gitignore instead.

The default .secretlintignore only contains

megalinter-reports

which is likely part of .gitignore files in repos anyway. Also, using it would likely result in .gitignore-ed files not to be excluded anymore.

To me, it could make sense

  • to adjust the documentation to state the actual behavior,
  • and to remove the file from the TEMPLATES/ dir.

pjungermann avatar Feb 23 '24 14:02 pjungermann

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

github-actions[bot] avatar Mar 25 '24 00:03 github-actions[bot]

@pjungermann sorry for the delay (very long days at work ^^)

I agree with your solution, would you like to make a PR? :)

nvuillam avatar Mar 26 '24 23:03 nvuillam

FYI: relates to #1207

pjungermann avatar Apr 08 '24 22:04 pjungermann
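
An added example, not part of the thread and not MegaLinter's own code: a repository check built on the fallback reported above (a local .secretlintignore if present, otherwise the repo's .gitignore). It lists files that are committed yet match the effective ignore patterns, which a scan honouring that file would skip. The function names are hypothetical, and it assumes the repository path is the top of the git work tree.

```shell
#!/bin/sh
# Added example; the resolution order mirrors the behaviour reported in this
# thread and is an assumption about MegaLinter, not a copy of its code.

# Print the ignore file that applies for repo $1 under the reported behaviour.
# Prints "none" when neither file exists (the thread does not cover that case).
effective_ignore_file() {
    repo=$1
    if [ -f "$repo/.secretlintignore" ]; then
        echo ".secretlintignore"
    elif [ -f "$repo/.gitignore" ]; then
        echo ".gitignore"
    else
        echo "none"
    fi
}

# List files that are tracked by git but match the effective ignore file,
# for example a file force-added with `git add -f` or committed before the
# pattern was written. Such files are in history yet excluded from the scan.
tracked_but_ignored() {
    repo=$1
    ignore=$(effective_ignore_file "$repo")
    if [ "$ignore" = "none" ]; then
        return 0
    fi
    # Run from the repo root so the relative ignore-file path resolves.
    (cd "$repo" && git ls-files --cached --ignored --exclude-from="$ignore")
}

# Stand-alone use: sh check.sh /path/to/repo
if [ "$#" -gt 0 ]; then
    echo "effective ignore file: $(effective_ignore_file "$1")"
    echo "tracked files the scan would skip:"
    tracked_but_ignored "$1"
fi
```

An empty list means the fallback hides nothing that is committed; any path it prints is worth scanning explicitly or removing from the index.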