- Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file

- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 20:53:17 -07:00 · 2025-10-09 20:53:17 -07:00 · 92de1ba63d
commit 92de1ba63d
parent 220aa83936
14 changed files with 1 additions and 1052 deletions
--- a/README.md
+++ b/README.md
@ -117,7 +117,7 @@ See ([docs/COMPARISON.md](docs/COMPARISON.md))
  - [Notable Scan Options](#notable-scan-options)
  - [Understanding `--confidence`](#understanding---confidence)
    - [Ignore known false positives](#ignore-known-false-positives)
-      - [Inline ignore directives](#inline-ignore-directives)
+    - [Inline ignore directives](#inline-ignore-directives)
  - [Finding Fingerprint](#finding-fingerprint)
  - [Rule Performance Profiling](#rule-performance-profiling)
  - [CLI Options](#cli-options)
--- a/README.md.orig
+++ b/README.md.orig
--- a/src/main.rs
+++ b/src/main.rs
@ -438,7 +438,6 @@ fn create_default_scan_args() -> cli::commands::scan::ScanArgs {
        skip_word: Vec::new(),
        output_args: OutputArgs { output: None, format: ReportOutputFormat::Pretty },
        no_base64: false,
-        compat_ignore_comments: false,
        no_inline_ignore: false,
    }
 }
--- a/src/reporter.rs
+++ b/src/reporter.rs
@ -864,7 +864,6 @@ mod tests {
            manage_baseline: false,
            skip_regex: Vec::new(),
            skip_word: Vec::new(),
-            compat_ignore_comments: false,
            no_inline_ignore: false,
        };

--- a/src/reporter/json_format.rs
+++ b/src/reporter/json_format.rs
@ -164,7 +164,6 @@ mod tests {
            skip_regex: Vec::new(),
            skip_word: Vec::new(),
            no_base64: false,
-            compat_ignore_comments: false,
            no_inline_ignore: false,
        }
    }
--- a/tests/int_allowlist.rs
+++ b/tests/int_allowlist.rs
@ -134,7 +134,6 @@ fn run_skiplist(skip_regex: Vec<String>, skip_skipword: Vec<String>) -> Result<u
        skip_regex: skip_regex,
        skip_word: skip_skipword,
        no_base64: false,
-        compat_ignore_comments: false,
        no_inline_ignore: false,
    };

--- a/tests/int_bitbucket.rs
+++ b/tests/int_bitbucket.rs
@ -111,7 +111,6 @@ fn test_bitbucket_remote_scan() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            no_extract_archives: false,
--- a/tests/int_dedup.rs
+++ b/tests/int_dedup.rs
@ -131,7 +131,6 @@ rules:
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 5.0,
            extraction_depth: 1,
--- a/tests/int_github.rs
+++ b/tests/int_github.rs
@ -118,7 +118,6 @@ fn test_github_remote_scan() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            no_extract_archives: false,
--- a/tests/int_gitlab.rs
+++ b/tests/int_gitlab.rs
@ -138,7 +138,6 @@ fn test_gitlab_remote_scan() -> Result<()> {
        skip_regex: Vec::new(),
        skip_word: Vec::new(),
        no_base64: false,
-        compat_ignore_comments: false,
        no_inline_ignore: false,
    };

@ -254,7 +253,6 @@ fn test_gitlab_remote_scan_no_history() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            no_extract_archives: false,
--- a/tests/int_redact.rs
+++ b/tests/int_redact.rs
@ -95,7 +95,6 @@ async fn test_redact_hashes_finding_values() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            extraction_depth: 2,
--- a/tests/int_slack.rs
+++ b/tests/int_slack.rs
@ -124,7 +124,6 @@ impl TestContext {
            skip_regex: Vec::new(),
            skip_word: Vec::new(),
            no_base64: false,
-            compat_ignore_comments: false,
            no_inline_ignore: false,
        };

@ -228,7 +227,6 @@ async fn test_scan_slack_messages() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            extraction_depth: 2,
--- a/tests/int_validation_cache.rs
+++ b/tests/int_validation_cache.rs
@ -174,7 +174,6 @@ async fn test_validation_cache_and_depvars() -> Result<()> {
            since_commit: None,
            branch: None,
        },
-        compat_ignore_comments: false,
        content_filtering_args: ContentFilteringArgs {
            max_file_size_mb: 25.0,
            extraction_depth: 2,
--- a/tests/int_vulnerable_files.rs
+++ b/tests/int_vulnerable_files.rs
@ -117,7 +117,6 @@ impl TestContext {
                since_commit: None,
                branch: None,
            },
-            compat_ignore_comments: false,
            content_filtering_args: ContentFilteringArgs {
                max_file_size_mb: 25.0,
                extraction_depth: 2,
@ -252,7 +251,6 @@ impl TestContext {
            skip_regex: Vec::new(),
            skip_word: Vec::new(),
            no_base64: false,
-            compat_ignore_comments: false,
            no_inline_ignore: false,
        };