-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for .trufflehogignore file #2687
Labels
Comments
Would be nice, I have a jank wrapper which SHA256s the secret and checks if its in a list of hashes I maintain for secrets which are fine to ignore before I process the output from trufflehog |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please review the Community Note before submitting
Description
It'd be nice to have support for a .trufflehogignore file. In this file you could add "fingerprints"/trufflehog json output of secret findings that are either false positives or have been rotated previously. This way you won't have to rebase the entire repository and still be able to ignore findings that have already been resolved. I think this would be a nice alternative to rebasing the repository as rotated/false positive secrets are not problematic if they stay in the repository IMO.
Preferred Solution
A .trufflehogignore file containing either fingerprints (hashes of the findings) or the JSON output of findings.
Additional Context
I'd be willing to work on this, I'd like to hear what the contents of the .trufflehogignore file should be.
References
The text was updated successfully, but these errors were encountered: