secrets analyzer ignores exclude rules
Attempts to exclude a path from the processing of gitleaks and TruffleHog are ignored or not possible. In the case of NodeJS, the node_modules directory should be ignored, but it is processed regardless of the exclude rules added.
Steps to reproduce
The following gitleaks.toml file does not allow the exclusion of a path such as node_modules:
[whitelist]
files = [ "node_modules" ]
Looking at the secrets Dockerfile, a pre-baked gitleaks.toml is provided.
How to add to this without building our own analyzer?
TruffleHog doesn't appear to have a way of passing a similar configuration to the analyzer.
What is the current bug behavior?
Still processes an excluded path.
What is the expected correct behavior?
Ignore the excluded path.
Relevant logs and/or screenshots
2019/04/26 02:36:30 [secrets] Detect project using plugin
2019/04/26 02:36:30 [secrets] Project is compatible
2019/04/26 02:36:30 [secrets] Starting analyzer...
latest: Pulling from gitlab-org/security-products/analyzers/secrets
bdf0201b3a05: Pulling fs layer
2b95ad226aea: Pulling fs layer
5b39a804479c: Pulling fs layer
df2fe20a49c1: Pulling fs layer
df2fe20a49c1: Waiting
bdf0201b3a05: Verifying Checksum
bdf0201b3a05: Download complete
bdf0201b3a05: Pull complete
5b39a804479c: Verifying Checksum
5b39a804479c: Download complete
2b95ad226aea: Verifying Checksum
2b95ad226aea: Download complete
df2fe20a49c1: Verifying Checksum
df2fe20a49c1: Download complete
2b95ad226aea: Pull complete
5b39a804479c: Pull complete
df2fe20a49c1: Pull complete
Digest: sha256:f66cf0d899ed3666abdd3da7341adc7e6f5f552dbf992cf4fd8ef5b0ed59c0be
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/secrets:latest
Output of checks
This is from the Ultimate version of GitLab (i.e. not GitLab.com).
Results of GitLab environment info
Results of GitLab application Check
See logs above for a date of the latest application used.