
Request ignore file feature when using talisman --scan

Open onwerzz2002 opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe.

I'm always frustrated when using talisman --scan on our Azure pipeline because there are some files checked into the repo only for testing purposes, and those files contain sensitive data but do not hurt since those data are synthetic. So we use talisman scan to see if there is some real sensitive data that we unexpectedly checked into our repo, but we still want to check in some files containing sensitive data solely for testing purposes at the same time.

Describe the solution you'd like

So locally we can add files in .talismanrc to be ignored by talisman before committing code changes, which is pretty helpful. However, as the Git history scanner section here says, Talisman currently does not support ignoring files for scanning. https://github.com/thoughtworks/talisman#git-history-scanner

When using talisman --scan, we hope we can still have the flexibility to choose which files we want to be ignored.

onwerzz2002, Sep 18 '20 00:09

@vhasus are you working on this? Please sign up on the issue/provide further info if you have further comments.

harinee, Oct 01 '20 04:10

What patterns would we want to use for this feature? It seems like we can submit a negative pattern !(file) to the git ls-tree -r call but it doesn't allow you to wildcard directory names (i.e. git ls-tree -r !(**/*.go) will not work).

Another option would be to use a regex on the result channel between putBlobsInChannel and getBlobsFromChannel, but it adds time on large commit histories.

AbsoLouie, Oct 29 '20 15:10
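The second option in the comment above (matching paths after git ls-tree -r has listed them, rather than in its pathspec), as an added example that is not part of the thread or of Talisman's code. The names globToRegexp and splitIgnored and the glob syntax are assumptions, not .talismanrc semantics; paths are assumed to be unquoted in the ls-tree output.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Applied to a QuoteMeta-escaped glob: "**/" spans any number of directories,
// "**" spans anything, and a single "*" stays inside one path segment.
var globRules = strings.NewReplacer(`\*\*/`, `(?:.*/)?`, `\*\*`, `.*`, `\*`, `[^/]*`)
// globToRegexp compiles a pattern once, outside the per-path loop.
func globToRegexp(glob string) *regexp.Regexp {
	return regexp.MustCompile("^" + globRules.Replace(regexp.QuoteMeta(glob)) + "$")
}

// splitIgnored partitions `git ls-tree -r` lines ("<mode> <type> <sha>\t<path>")
// into paths to scan and paths skipped, so skipped files can still be reported.
func splitIgnored(lsTree string, globs []string) (scan, skipped []string) {
	var res []*regexp.Regexp
	for _, g := range globs {
		res = append(res, globToRegexp(g))
	}
next:
	for _, line := range strings.Split(strings.TrimSpace(lsTree), "\n") {
		parts := strings.SplitN(line, "\t", 2)
		if len(parts) != 2 {
			continue
		}
		for _, re := range res {
			if re.MatchString(parts[1]) {
				skipped = append(skipped, parts[1])
				continue next
			}
		}
		scan = append(scan, parts[1])
	}
	return scan, skipped
}

func main() {
	// Constructed sample output; object ids are placeholders.
	sample := "100644 blob 1111111\tmain.go\n" +
		"100644 blob 2222222\ttestdata/fake_key.pem\n" +
		"100644 blob 3333333\tpkg/auth/testdata/creds.json\n" +
		"100644 blob 4444444\tconfig/prod.pem\n"
	scan, skipped := splitIgnored(sample, []string{"**/testdata/*"})
	fmt.Println("scan:", scan, "skipped (report these):", skipped)
}
```

Returning the skipped paths alongside the scanned ones lets a pipeline log exactly which files were exempted, so an over-broad pattern shows up in review instead of silently hiding a real secret.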

@onwerzz2002 Can you please share how you set up the talisman git scan in the Azure pipeline? Did you have to install talisman for every build?

nasreenwahab, May 27 '22 10:05