Comments (8)
@jskswamy Did you add the file name to .talismanignore? Did it still not work?
from talisman.
@harinee yes it works after adding it to .talismanignore
file, in the future, may be based on the programming language can this tool automatically ignores certain file?
from talisman.
@jskswamy Certain files like what? Please give some examples.
I would be wary of putting in such any automated way of ignoring files, since it could be very project-specific. Taking time to review the files for false negatives is a lesser nuisance than actually checking in sensitive information on your repos.
from talisman.
The current solution works very well and there is no need to auto ignoring files since its related to security.
from talisman.
Even if I ignore Gopkg.lock
, talisman
reports it next time I add a new go
dependency. This is quite annoying as this file is not going to contain any secret Gopkg.lock
AFAIK.
Maybe we could allow the user to ignore files completely from talisman
.
from talisman.
Also, vendor/
directory which contains go
code of external dependencies is being scanned by talisman
.
It would be better if I could ignore the entire directory from being scanned.
from talisman.
@arunvelsriram there is more risk to opening up an option of completely ignoring specific files/folder FOREVER, than it brings benefit.
Also, we have continually strived to keep Talisman agnostic of the tech stack that one uses.
We have already put in effort to simplify finding the checksum to update in .talismanrc by either finding it on your console when you try to commit/push, OR by calculating the checksum for multiple files at once using the checksum calculator before making a commit.
from talisman.
For the record, we have raised #122 to handle requests specific to files generated by tech stacks. Please track the same
from talisman.
Related Issues (20)
- talisman: no such file or directory (Visual studio, windows)
- How to detect divering file chesums before a commit
- Using "allowed_patterns" does not work with file paths that contain wildcards
- Potentially invalid checksum in githook report HOT 2
- Allow download of binary only without forcing a git hook HOT 1
- Release 1.30.1: go: updates to go.mod needed HOT 2
- Custom pattern does not apply for filename HOT 1
- Custom Pattern not detected in .talismanrc HOT 1
- talisman is letting me commit my secret data on GitHub
- Talisman stuck on "Analysing transaction" HOT 1
- Scan Error: Out of Memory
- Talisman broken with pre-commit because the executable is not included HOT 1
- Official github action
- Auto update version when pre-commit hook is invoked HOT 3
- panic: error parsing regexp HOT 1
- Install failure: aarch64 not recognized as equivalent to arm64 HOT 1
- allowed_patterns when used in fileignoreconfig at the file level only results in warnings later wrt .talismanrc file itself
- Install binary to standard location (e.g. /usr/local/bin)
- unable to run the scan
- fileignoreconfig in talisman are not considered in scan mode
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from talisman.