Make including values opt-out
Currently, the CLI parses Ansible YAML content without any parameter values by default. With values, we can discover additional tips for improvements that bring additional value to the users.
Since the CLI already discovers any secrets (passwords, SSH keys, cloud credentials, etc.) there are no worries not to send the values (for enterprises that want to self-control data flow we support the on-prem version). A lot of users are not using the --include-values
mostly because they don't know about it. Since we and the users want to get most of Spotter just with spotter scan .
, we can make including values opt-out with the new --exclude-values
flag that would signal the CLI to omit parsing and uploading the parameter values from Ansible plays and tasks.