Doesnt not work with`Gopkg.lock` about talisman HOT 8 CLOSED

@jskswamy Did you add the file name to .talismanignore? Did it still not work?

from talisman.

@harinee yes it works after adding it to .talismanignore file, in the future, may be based on the programming language can this tool automatically ignores certain file?

from talisman.

@jskswamy Certain files like what? Please give some examples.
I would be wary of putting in such any automated way of ignoring files, since it could be very project-specific. Taking time to review the files for false negatives is a lesser nuisance than actually checking in sensitive information on your repos.

from talisman.

The current solution works very well and there is no need to auto ignoring files since its related to security.

from talisman.

Even if I ignore Gopkg.lock, talisman reports it next time I add a new go dependency. This is quite annoying as this file is not going to contain any secret Gopkg.lock AFAIK.

Maybe we could allow the user to ignore files completely from talisman.

from talisman.

Also, vendor/ directory which contains go code of external dependencies is being scanned by talisman.

It would be better if I could ignore the entire directory from being scanned.

from talisman.

@arunvelsriram there is more risk to opening up an option of completely ignoring specific files/folder FOREVER, than it brings benefit.
Also, we have continually strived to keep Talisman agnostic of the tech stack that one uses.
We have already put in effort to simplify finding the checksum to update in .talismanrc by either finding it on your console when you try to commit/push, OR by calculating the checksum for multiple files at once using the checksum calculator before making a commit.

from talisman.

For the record, we have raised #122 to handle requests specific to files generated by tech stacks. Please track the same

from talisman.