GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
https://gitguardian.com
MIT License

Add an option to make `secret scan path` honor .gitignore files #801

Closed agateau-gg closed 2 months ago

agateau-gg commented 9 months ago

Is your feature request related to a problem? Please describe.

`ggshield secret scan path` does not honor the content of `.gitignore` files. When running it at the root of a git checkout, this often causes it to scan files it should not scan, since they are not part of the repository content.

Describe the solution you'd like

`secret scan path` should support a `--honor-gitignore` or `--ignore-vcs` option to honor `.gitignore` files and related files (`.git/info/exclude`, `$HOME/.config/git/ignore`).

Regarding naming: `--honor-gitignore` is more explicit, I think, but verbose. `--ignore-vcs` is used by other tools such as `fd` and `ripgrep`.

Additional context

ggshield low-level code already knows how to honor `.gitignore` files (including `.git/info/exclude` and `$HOME/.config/git/ignore`). We "just" need to expose the setting to the CLI.
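To see which files the three ignore sources named in this request keep out of a scan, the following added example (not part of the issue and not ggshield code) asks git itself with `git ls-files --exclude-standard`. The helper function names and the sample file names are constructed for illustration, and git must be installed.

```bash
#!/bin/sh
# Added example: which files would a gitignore-aware path scan cover?

# Tracked files plus untracked files that no ignore rule matches.
# --exclude-standard applies .gitignore, .git/info/exclude and the user's
# global ignore file ($HOME/.config/git/ignore by default).
non_ignored_files() {
    git -C "$1" ls-files --cached --others --exclude-standard | LC_ALL=C sort
}

# Untracked files that an ignore rule excludes from that set.
ignored_files() {
    git -C "$1" ls-files --others --ignored --exclude-standard | LC_ALL=C sort
}

# Build a constructed sample checkout with one rule in each ignore source
# and print the path of the directory that holds it.
make_sample_checkout() {
    root=$(mktemp -d)
    mkdir -p "$root/home/.config/git" "$root/repo/build"
    git init -q "$root/repo"
    mkdir -p "$root/repo/.git/info"
    printf 'build/\n' > "$root/repo/.gitignore"                # per-repo, versioned
    printf '*.local\n' > "$root/repo/.git/info/exclude"        # per-repo, unversioned
    printf '*.swp\n' > "$root/home/.config/git/ignore"         # per-user
    : > "$root/repo/app.py"
    : > "$root/repo/build/out.bin"
    : > "$root/repo/settings.local"
    : > "$root/repo/.app.py.swp"
    printf '%s\n' "$root"
}

# Run a listing function with HOME pointed at the sample home directory, so
# the constructed per-user ignore file is used instead of the real one.
with_sample_home() {
    ( export HOME="$1/home" GIT_CONFIG_NOSYSTEM=1
      unset XDG_CONFIG_HOME
      "$2" "$1/repo" )
}

root=$(make_sample_checkout)
echo "would be scanned:"; with_sample_home "$root" non_ignored_files
echo "skipped:";          with_sample_home "$root" ignored_files
rm -rf "$root"
```

Ignored files stay on disk and can still hold live secrets, so the "skipped" list is worth reviewing before relying on a scan that honors ignore files.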

agateau-gg commented 2 months ago

This has been implemented and will be in 1.29.0.