trufflehog
Add `--exclude-paths` flag to github module
Hi :)
Is your feature request related to a problem? Please describe.
Files like `yarn.lock`, `package-lock.json`, etc. are only used to keep track of the dependencies of a project. They are getting matched as findings by the signable.go regex; for example, in the case below `-explode-assignable-expression-7` was matched by the regex in a `yarn.lock` file.
Describe the solution you'd like
Add the `--exclude-paths` flag to the github module. Currently it's available for the git module only. This would let users exclude files/directories manually as per their use case, which will help in reducing the false positive cases and the time taken to scan the repository.
Describe alternatives you've considered
The `--only-verified` flag can be used to stop this from showing as a finding, as the match won't work against the API. But this isn't an efficient/best way to solve this issue in my opinion. The `--exclude-paths` flag is more practical, especially when the user knows these files need to be ignored.
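As an added illustration of the exclusion the issue asks for (example code written here, not trufflehog's own implementation): a small Go filter that reads newline-separated regexes, a layout assumed here to match the git module's `--exclude-paths` file, and drops lockfile paths before any detector reads them. The `PathFilter` type, its methods and the `#` comment lines are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// PathFilter holds compiled exclusion patterns, one regex per non-empty,
// non-comment line of an exclude file. Hypothetical implementation; the
// newline-separated regex layout mirrors trufflehog's git --exclude-paths.
type PathFilter struct{ excludes []*regexp.Regexp }

// NewPathFilter parses exclude-file contents, rejecting bad regexes early.
func NewPathFilter(contents string) (*PathFilter, error) {
	f := &PathFilter{}
	for _, line := range strings.Split(contents, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		re, err := regexp.Compile(line)
		if err != nil {
			return nil, fmt.Errorf("bad exclude pattern %q: %w", line, err)
		}
		f.excludes = append(f.excludes, re)
	}
	return f, nil
}

// Excluded reports whether a repo-relative path matches any pattern.
func (f *PathFilter) Excluded(path string) bool {
	for _, re := range f.excludes {
		if re.MatchString(path) {
			return true
		}
	}
	return false
}

// ScanTargets keeps only the paths detectors should read, so excluded
// lockfiles cost neither scan time nor false-positive findings.
func (f *PathFilter) ScanTargets(paths []string) (out []string) {
	for _, p := range paths {
		if !f.Excluded(p) {
			out = append(out, p)
		}
	}
	return out
}
```

Anchoring patterns with `(^|/)` and `$` keeps `yarn.lock` from also matching an unrelated `myyarn.lock`, a detail worth checking before trusting an exclude list.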
I would also like a way to exclude paths when using the Github Action, specifically when testing locally with https://github.com/nektos/act. It would be extra convenient if it could respect my gitignore.
I like the `.<app>ignore` approach. For example, a `.thignore` file could be more helpful once you can exclude paths by repo, and you wouldn't need to create long command lines.
I'd like to have a similar function when scanning the entire org but excluding several repos, because there are some forked open-source projects that will generate tons of unverified results, e.g., a JDBC URL in test cases (`jdbc:postgresql://localhost:5432/****`).
Closing this as it looks like a fix for this was merged in on Feb 9.