-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False Positive Handling #348
Comments
@DanArlowski For credscan there is a bundled config that is used. You can send a PR by including svg to the extension shown. https://github.com/ShiftLeftSecurity/sast-scan/blob/master/tools_config/credscan-config.toml#L587 Or you can set the environment variable CREDSCAN_CONFIG pointing to the directory (relative to the docker image) containing your custom credscan config file. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I Couldn't find any info on this in the docs, credscan fails on false positives (On SVG images to be precise)
Is there any way i can flag files as false positives, maybe a
.scanignore
or something like that?The text was updated successfully, but these errors were encountered: