Allow skipping git commit metadata scanning #3866
Comments
|
Thank you for taking the time to open this issue, we really appreciate your contribution to the project! Thanks again for helping make this project better! |
kashifkhan0771
added
the
pkg/sources
|
Hello, I have a followup question: Are you able to share any more information about what, specifically, is being detected? In particular: Is TruffleHog reporting its findings as verified secrets, or as unverified? If it's the former, that sounds like a verification bug we should fix. If it's the latter, can you describe your workflow that requires the detection of unverified secrets? (I ask because that type of scan is not very common and we're curious to learn about use cases that require it when we encounter them.) |
Description
A feature was added after #2683 that allows scanning for secrets in Commit messages. We have a use case where we want to skip this scan as we are adding some tracking params in our git commit messages that trufflehog is detecting as secrets.
Preferred Solution
Create a new flag like for eg --skip-metadata-scanning to skip scanning commit messages
References
#2683
#2713
The text was updated successfully, but these errors were encountered: