False Positive Handling #348

Open
DanArlowski opened this issue Oct 3, 2021 · 1 comment

@DanArlowski

I couldn't find any info on this in the docs. credscan fails on false positives (on SVG images, to be precise).
Is there any way I can flag files as false positives, maybe a .scanignore or something like that?

@prabhu
Contributor

prabhu commented Oct 4, 2021

@DanArlowski For credscan there is a bundled config that is used. You can send a PR by including svg to the extension shown.

https://github.com/ShiftLeftSecurity/sast-scan/blob/master/tools_config/credscan-config.toml#L587

Or you can set the environment variable CREDSCAN_CONFIG pointing to the directory (relative to the docker image) containing your custom credscan config file.
