Update docs with link/details to detect-secrets filters (#63)
* Add link/details to detect-secrets filters

It is common to run into false positives when using detect-secrets. Since we have had several open issues, it's best we call out addressing false positives by directing users to the source, the detect-secrets docs Filters section. This updates the dedicated section and also adds a link in the detect_secrets_flag input docs.

* Link each list item to its section

* Fix link markdown formatting

* Update link text

* Update text
javierjulio authored Apr 15, 2024
1 parent 94733b0 commit 58631d5
Showing 1 changed file with 9 additions and 18 deletions.
27 changes: 9 additions & 18 deletions README.md
Expand Up @@ -44,8 +44,8 @@ Optional. Additional reviewdog flags.

### `detect_secrets_flags`

Optional. Flags and args of detect-secrets command.
The default is `--all-files --force-use-all-plugins`.
Optional. Flags and args of detect-secrets command. The default is `--all-files --force-use-all-plugins`.
This can be used to [exclude paths, secrets or lines to ignore false positives](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#filters).

### `baseline_path`

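Review bot: the sentence added under `detect_secrets_flags` does not say whether setting this input replaces the default `--all-files --force-use-all-plugins`. If it does, a user who sets only an exclude flag to silence a false positive also drops those defaults and narrows the scan without noticing, so state explicitly whether the defaults must be repeated alongside any exclude flags. The link could also point at `https://github.com/Yelp/detect-secrets#filters`, since `?tab=readme-ov-file` is a GitHub view parameter rather than part of the document address.
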
Expand All @@ -71,22 +71,13 @@ jobs:
reporter: github-pr-review # Change reporter.
```
## Troubleshooting
## Configuration
### False positives
### Preventing false positives
It is possible to disable detection for individual lines of code in case of false positives.
To do this, add a comment at the end of the line with text `pragma: allowlist secret`.
Since the detect-secrets CLI can report false positives, it is likely you will have to configure it by using the `detect_secrets_flags` input to ignore any or use inline comments. There are [4 filtering options to ignore false positives](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#filters):

```yaml
public_key: | # pragma: allowlist secret
gX69YO4CvBsVjzAwYxdG
yDd30t5+9ez31gKATtj4
```

Or add a comment with the text `pragma: allowlist nextline secret` before the line.

```ini
# pragma: allowlist nextline secret
public_key = gX69YO4CvBsVjzAwYxdG
```
- [Excluding file paths](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-files)
- [Excluding lines](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-lines)
- [Excluding secrets](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-secrets)
- [Inlining exclude comments](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#inline-allowlisting-1)
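
Review bot: in the new paragraph under `### Preventing false positives`, "to ignore any or use inline comments" is missing its object; something like "to ignore them, or use inline comments" reads correctly. The same hunk drops the only in-README examples of `pragma: allowlist secret` and `pragma: allowlist nextline secret`, which leaves the narrowest suppression (a single line) documented only behind an external link while the broader path and line exclusions are listed first; consider keeping one short inline example and ordering the list from narrowest to broadest. The `-1` suffix in `#inline-allowlisting-1` suggests a de-duplicated heading anchor in the upstream README, which will break if that heading is renamed or reordered.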
