
excluding a file/folder from scanning in github action

Open sjgupta19 opened this issue 3 years ago • 2 comments

Hi, how do I exclude a particular directory from scanning in my GitHub repo? I am using the following TruffleHog setup in GitHub Actions:

name: TruffleHog Secret Scan
uses: trufflesecurity/[email protected]
with:
  path: ./
  base: ${{ env.BRANCH }}
  head: HEAD
  args: --only-verified

How can I use the exclude-path flag in my GitHub workflow?

sjgupta19, Jul 27 '22 20:07

some help here...

sjgupta19, Aug 11 '22 14:08

Look at action.yml: the action itself just runs the Docker image and passes whatever you want via extra args. With that in place, you may achieve that like so:

- uses: trufflesecurity/trufflehog@main
  with:
    path: public
    base: ${{ github.event.repository.default_branch }}
    head: HEAD
    extra_args: --debug --exclude-paths=/path/to/exclude.txt

where /path/to/exclude.txt should be a file containing newline-delimited regular expressions to exclude from checks, aka

exclude.txt

node_modules
.log

To check it locally, you may run something like this:

docker run --rm -v "${PWD}:/code" ghcr.io/trufflesecurity/trufflehog:latest git file:///code --since-commit main --branch HEAD --fail --exclude-paths=/code/exclude.txt --debug --no-update

mac2000, Oct 30 '22 07:10
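Added example, not part of the thread and not TruffleHog's own code: a small Go check of which paths an exclude file like the one above would take out of scanning, useful for spotting patterns that skip more than intended. It assumes each non-blank line is a Go regular expression that excludes a path when it matches anywhere in that path; `loadRules`, `excludedBy` and the sample paths are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// loadRules compiles one regexp per non-blank line (hypothetical helper, not TruffleHog code).
func loadRules(text string) ([]*regexp.Regexp, error) {
	var rules []*regexp.Regexp
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		re, err := regexp.Compile(line)
		if err != nil {
			return nil, fmt.Errorf("bad pattern %q: %w", line, err)
		}
		rules = append(rules, re)
	}
	return rules, nil
}

// excludedBy maps each skipped path to the first pattern hitting it (assumed: unanchored match).
func excludedBy(rules []*regexp.Regexp, paths []string) map[string]string {
	hits := map[string]string{}
	for _, p := range paths {
		for _, re := range rules {
			if re.MatchString(p) {
				hits[p] = re.String()
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample: the two exclude.txt lines from the comment above, made-up paths.
	rules, err := loadRules("node_modules\n.log\n")
	if err != nil {
		panic(err)
	}
	paths := []string{"node_modules/a/index.js", "app/debug.log", "src/catalog/db.go", "config/prod.env"}
	for p, pat := range excludedBy(rules, paths) {
		fmt.Printf("skipped: %-24s (pattern %q)\n", p, pat)
	}
}
```

Under that assumption `.log` also skips `src/catalog/db.go`, because the dot matches any character; writing the line as `\.log$` keeps that file in scope while still skipping `app/debug.log`.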

@mac2000 is right, you can use extra_args: --exclude-paths=/path/to/exclude.txt exclude paths

zricethezav, Jan 22 '24 21:01