Skip to content

v1.4.0
Compare
Choose a tag to compare
@wayneashleyberry wayneashleyberry released this 24 Sep 10:19
· 14 commits to main since this release
v1.4.0
This tag was signed with the committer’s verified signature.
wayneashleyberry w14y
GPG key ID: 2F82163B3D827910
Verified
Learn about vigilant mode.
f580d8a
This commit was signed with the committer’s verified signature.
wayneashleyberry w14y
GPG key ID: 2F82163B3D827910
Verified
Learn about vigilant mode.

This release adds signature exclusion reasons to your tartufo.toml when using the quick action. Exclusion reasons are often documented with comments, but most toml parsers do not retain comments. To work around this, I have added a separate configuration object in which the exclusion reasons can be documented.

Generated tartufo.toml files will now look like this:

[tool.tartufo]
repo-path = "."
cleanup = true
regex = true
entropy = true
exclude-path-patterns = ["tartufo.toml"]
exclude-signatures = [
    "e7c7953f1d814374d50ab0ce75371a2145048318b6d41ee132680746298daf74",
]

[tool.tartufo.exclude-signature-reasons]
e7c7953f1d814374d50ab0ce75371a2145048318b6d41ee132680746298daf74 = "README.md: <Reason for exclusion>"
Assets 2
Loading