trufflehog scans files outside defined sources #21691

Open
thelittlebug opened this issue Nov 26, 2024 · 1 comment
@thelittlebug
Contributor

Describe the bug
I activated trufflehog and it finds secrets in my .envrc.
This is a vague description of my project layout:

/
  src/
    python/
      project1/
        BUILD
      project2/
        BUILD
    shell/
    javascript/
.envrc
pants.toml

There is no BUILD file in the root of my monorepo, so I would expect trufflehog to ignore my .envrc file.

Pants version
2.24

OS
I'm using Arch btw... :D

@lilatomic
Contributor

Trufflehog is a bit of a special linter, in that it doesn't use targets and uses a pathglob instead. It's using "**" which will pull in everything. I thought that wouldn't pull in files ignored by gitignore and Pants's [GLOBAL].pants_ignore, but apparently not. src

As a workaround, you could specify ".envrc" in the [trufflehog].exclude setting
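
The workaround above written out as a `pants.toml` fragment. This is an added example, not part of the original comment or the Pants project's own configuration. It assumes the Trufflehog backend is already enabled and uses Pants's `.add` syntax for list options so that the option's existing value is extended rather than replaced.

```toml
# pants.toml (added example; only the [trufflehog] section is shown)

[trufflehog]
# The Trufflehog linter globs "**" from the build root instead of using
# targets, so a root-level .envrc is scanned even though no BUILD file
# owns it. Excluding the path keeps it out of the scan.
# ".add" appends to the current list rather than overwriting it.
exclude.add = [".envrc"]
```

With this in place, `.envrc` is no longer passed to the scanner, so any secrets it holds are not reported by this lint step.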
