From 5d5521af5fffcaacb902999e5d96a59fd355db14 Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Mon, 14 Jul 2025 17:09:04 -0700 Subject: [PATCH] Removed --ignore-tests argument, because the --exclude flag provides more granular functionality --- CHANGELOG.md | 3 ++- README.md | 10 ++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb1ede4..d9bce79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,8 @@ All notable changes to this project will be documented in this file. - Added validation for JWT tokens that checks `exp` and `nbf` claims - JWT validation performs OpenID Connect discovery using the `iss` claim and verifies signatures via JWKS - Removed `--ignore-tests` argument, because the `--exclude` flag provides more granular functionality - +- DigitalOcean rule update +- Adafruit rule update ## [1.20.0] - Removed confirmation prompt when user provides --self-update flag diff --git a/README.md b/README.md index 0797344..f94fc36 100644 --- a/README.md +++ b/README.md @@ -140,12 +140,14 @@ kingfisher scan /path/to/repo --rule-stats ### Scan while ignoring likely test files +`--exclude` skips any file or directory whose path matches this glob pattern (repeatable, uses gitignore-style syntax, case sensitive) + ```bash # Scan source but skip likely unit / integration tests kingfisher scan ./my-project \ - --exclude='test' \ + --exclude='[Tt]est' \ --exclude='spec' \ - --exclude='fixture' \ + --exclude='[Ff]ixture' \ --exclude='example' \ --exclude='sample' ``` @@ -155,7 +157,7 @@ kingfisher scan ./my-project \ # Skip all Python files and any directory named tests kingfisher scan ./my-project \ --exclude '*.py' \ - --exclude tests + --exclude '[Tt]ests' ``` If you want to know which files are being skipped, enable verbose debugging (-v) when scanning, which will report any files being skipped by the baseline file (or via --exclude): @@ -309,7 +311,7 @@ kingfisher github repos list --organization my-org - `--no-extract-archives`: Do not scan inside archives - `--extraction-depth `: Specifies how deep nested archives should be extracted and scanned (default: 2) - `--redact`: Replaces discovered secrets with a one-way hash for secure output -- `--exclude `: Skip any file or directory whose path matches this glob pattern (repeatable, uses gitignore-style syntax) +- `--exclude `: Skip any file or directory whose path matches this glob pattern (repeatable, uses gitignore-style syntax, case sensitive) - `--baseline-file `: Ignore matches listed in a baseline YAML file - `--manage-baseline`: Create or update the baseline file with current findings