microsoft / security-devops-action

Microsoft Security DevOps for GitHub Actions.
MIT License

Secrets / CredScan Suppressions File Parameter #56

Closed jrolstad-precocity closed 1 year ago

jrolstad-precocity commented 1 year ago

I have the action running as a step in my Azure DevOps build pipeline, specifying the 'secrets' category that runs CredScan.

There are a few false positives in non-C# files (json, Dockerfile) that I want to suppress. However, I am unsure of how to pass the suppressions file path to credscan for this and it's missing in the documentation. Can you tell me how (and maybe add to the docs)?

dotpaul commented 1 year ago

To suppress issues, you can create a .gdn/.gdnsuppress file as described in https://github.com/microsoft/security-devops-azdevops/issues/38#issuecomment-1509461347

We have a work item in our backlog to document this process more formally.