-
Notifications
You must be signed in to change notification settings - Fork 150
/
.gitguardian.example.yml
79 lines (64 loc) · 2.24 KB
/
.gitguardian.example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Required, otherwise ggshield considers the file to use the deprecated v1 format
version: 2
# Set to true if the desired exit code for the CLI is always 0, otherwise the
# exit code will be 1 if incidents are found.
# The environment variable GITGUARDIAN_EXIT_ZERO=true can also be used toggle this behavior.
exit_zero: false # default: false
verbose: false # default: false
# The dashboard URL of the instance
instance: https://dashboard.gitguardian.com # default: https://dashboard.gitguardian.com
# Maximum commits to scan in a hook.
max_commits_for_hook: 50 # default: 50
# Accept self-signed certificates for the API.
allow_self_signed: false # default: false
secret:
# Exclude files and paths by globbing
ignored_paths:
- '**/README.md'
- 'doc/*'
- 'LICENSE'
# Ignore security incidents with the SHA256 of the occurrence obtained at output or the secret itself
ignored_matches:
- name:
match: 530e5a4a7ea00814db8845dd0cae5efaa4b974a3ce1c76d0384ba715248a5dc1
- name: credentials
match: MY_TEST_CREDENTIAL
show_secrets: false # default: false
# Detectors to ignore.
ignored_detectors: # default: []
- Generic Password
iac:
# Exclude files and paths by globbing
ignored_paths:
- '**/README.md'
- 'doc/*'
- 'LICENSE'
- path: 'tests/*'
comment: 'Ignore vulnerabilities in tests'
- path: 'dev/*'
comment: 'Ignore vulnerabilities in dev sandbox'
until: '2030-06-24T00:00:01Z'
# IaC vulnerabilities to ignore
ignored_policies:
- GG_IAC_0000
- GG_IAC_0005
- policy: 'GG_IAC_0003'
until: '2030-06-24T00:00:01Z'
- policy: 'GG_IAC_0012'
comment: 'We will handle this later'
until: '2030-06-24T00:00:01Z'
# Minimum severity of the policies
minimum_severity: HIGH
sca:
# Exclude files and paths by globbing
ignored_paths:
- '**/Pipfile'
- '/back/**/package.json'
# SCA vulnerabilities to ignore
ignored_vulnerabilities:
- identifier: 'GHSA-0000-aaaa-ZZZZ'
path: 'Pipfile.lock' # Can be a regex
comment: 'Check vulnerability later' # Optional
until: '2023-05-01T00:00:00' # Optional, needs to follow ISO 8061 format 'YYYY-MM-DDTHH:MM:SS' (converted to UTC)
# Minimum severity of the policies
minimum_severity: HIGH