Allow excluding some paths from scanning #1321

Open
parabolala opened this issue Jul 8, 2022 · 2 comments

@parabolala

  • terrascan version: v1.15.2
  • Operating System: Linux_x86_64

Description

Terrascan should allow explicitly specifying files/directories to exclude from scanning.

One of the terraform config dependency modules (it happens to be terraform-google-workload-identity, but that doesn't really matter) comes with a bunch of examples in its directory that show up under .terraform/<my obj name>-workload-identity/examples/acm-terraform-blog-part3/config-root/wordpress-bundle.yaml.

Some of these example files don't pass terrascan scans, which is expected. We also really have no control over the examples' contents, so we end up getting lots of terrascan findings in these /examples/ subdirectories under .terraform.

While the underlying issue in this case is including examples in the module distribution, a reasonable solution is to complement the -d flag that specifies directories to consider with another one to provide the list or pattern of directories to exclude from the scan.

@AnhQKatalon

Having precisely the same problem. Terrascan returns too many HIGH violations related to the example directory, and we really don't need terrascan to scan these dirs.

@TitanRob16

Any update? It's coming up to 2 years and this would be a great feature to have.
