ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0

Exclude the terraform lockfile from credscan #305

Closed xortim closed 3 years ago

xortim commented 3 years ago

Terraform implemented a lockfile and recommends checking it into git. Gitleaks sees the high entropy in the file and exits non-zero. This file should be ignored for cred scanning.
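An added illustration of the problem described above: a minimal entropy-based secret detector of the kind gitleaks uses, run over a constructed `.terraform.lock.hcl`, and a path-based exclusion that keeps the lockfile out of credential scanning. This is my own Python, not code from sast-scan or gitleaks; the lockfile content, the hash strings, the token regex and the 3.5-bit threshold are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample of a Terraform dependency lockfile. The "h1:" and "zh:"
# values are made-up strings shaped like provider hashes, not real ones.
SAMPLE_LOCKFILE = """\
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.27.0"
  constraints = "~> 3.27"
  hashes = [
    "h1:Qm7N8mQ2K3kJz9xWvT4cLp1sYrB6dE0fGhIjUoPaSdF=",
    "zh:0a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5061728394a5b6c7d8e9f",
  ]
}
"""

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

# Runs of base64/hex-like characters long enough to look like a credential.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{20,}")
ENTROPY_THRESHOLD = 3.5  # assumed; a 64-char hex hash tops out at 4.0 bits

def find_high_entropy_tokens(text: str, threshold: float = ENTROPY_THRESHOLD):
    """Return (line_number, token, entropy) for every token above threshold."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for tok in TOKEN_RE.findall(line):
            e = shannon_entropy(tok)
            if e >= threshold:
                hits.append((lineno, tok, round(e, 2)))
    return hits

# Path allowlist: the Terraform lockfile is expected to be full of hashes,
# so it is skipped entirely rather than having each hash flagged.
EXCLUDED_PATHS = [re.compile(r"(^|/)\.terraform\.lock\.hcl$")]

def scan_file(path: str, text: str, excluded=EXCLUDED_PATHS):
    """Scan one file for high-entropy tokens unless its path is allowlisted."""
    if any(p.search(path) for p in excluded):
        return []
    return find_high_entropy_tokens(text)

if __name__ == "__main__":
    print("unexcluded:", scan_file("main.tf", SAMPLE_LOCKFILE))
    print("lockfile:  ", scan_file("infra/.terraform.lock.hcl", SAMPLE_LOCKFILE))
```

Without the exclusion both hash lines are reported as findings, which is exactly what makes the scanner exit non-zero on a freshly committed lockfile.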

prabhu commented 3 years ago

Thank you! Will you be interested in providing terraform lock file support for cdxgen? https://github.com/appthreat/cdxgen . This is used to produce the bill of materials and dependency scanning.

xortim commented 3 years ago

This definitely looks like something I could make use of, I'll take a closer look and consider it!