false positives in pnpm lockfile #1005
elijaholmos asked this question in Q&A (unanswered, 1 comment)
Hey @elijaholmos. Otherwise you can create a custom

```toml
title = "Custom gitleaks config"
# extend from the default gitleaks toml
[extend]
useDefault = true
[allowlist]
description = "Exclude pnpm lock files"
paths = ['''pnpm-lock.yaml''']
```

Regards
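An added example, not part of the reply or of the gitleaks project: a quick check of which file paths the `paths` pattern from the config above would exclude from scanning, next to a tighter anchored variant. It assumes allowlist paths are applied as unanchored regular-expression searches and that Python's `re` behaves like the scanner's regex engine for these simple patterns; `TIGHT_PATTERN` and the sample paths are constructed for illustration.

```python
import re

# Pattern copied from the reply's [allowlist] paths entry.
REPLY_PATTERN = r"pnpm-lock.yaml"
# Tighter variant (an assumption, not from the thread): escaped dot,
# anchored to a whole file name at the end of the path.
TIGHT_PATTERN = r"(^|/)pnpm-lock\.yaml$"

# Constructed sample paths, relative to the repository root.
SAMPLE_PATHS = [
    "pnpm-lock.yaml",
    "packages/web/pnpm-lock.yaml",
    "docs/pnpm-lock.yaml.bak",
    "config/pnpm-lock-yaml-secrets.env",
    "src/config.js",
]


def skipped_paths(pattern, paths):
    """Return the paths an unanchored regex search would allowlist."""
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def over_broad(pattern, paths, intended_basename="pnpm-lock.yaml"):
    """Return allowlisted paths whose file name is not the lockfile itself."""
    return [
        p for p in skipped_paths(pattern, paths)
        if p.rsplit("/", 1)[-1] != intended_basename
    ]


if __name__ == "__main__":
    for name, pattern in (("reply", REPLY_PATTERN), ("tight", TIGHT_PATTERN)):
        print(name, "skips:", skipped_paths(pattern, SAMPLE_PATHS))
        print(name, "unintended:", over_broad(pattern, SAMPLE_PATHS))
```

Any path reported as unintended is a file that would no longer be scanned for secrets, so it is worth running a check like this against the repository's real file list before committing an allowlist.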
I use CI for dependency management in one of my public repos, and recently, a pull request was created that triggered several false positives from the Gitleaks GitHub action; see elijaholmos/halo-discord-extension#51.
Is this an intentional feature with gitleaks? How am I able to stop all package versions with hashes (e.g. `0.11.0_hc4yn5f4ebzhrwwrb4uuunvgqi`) from being caught by gitleaks in the future?