How do I exclude a file or directory in my repository from scanning?

Learn how to use .scanignore to exclude specific code from being scanned.

There will always be certain parts of a codebase that do not need to be analyzed. They may add little to no value to the quality of the codebase, or they may not be something your developers maintain, so scanning them may produce inaccurate results.

Below are some recommendations for sections that users may want to exclude:

  • Unit tests
  • Generated code
  • Third-party code you don’t maintain
  • Code not related to your application

Through a .scanignore file, you can seamlessly exclude specific code from being scanned.

Step-by-Step Guide

1. To get started, simply create a file named .scanignore in the root of your repository.

Here is an example repository:

[Screenshot 2019-01-29 2.53.24 PM]

2. Then, list the patterns you would like to exclude in the .scanignore file.

The Code Scanner recognizes patterns. Find out more about patterns at the bottom of this page!

For example, if you want to exclude all source files inside the folders ‘generated/’ and ‘deploy/scripts/’, your .scanignore would look like this:

[Screenshot 2019-01-29 3.06.18 PM]

3. Lastly, save the file.

If you have it locally, push your changes to GitHub so that those specified directories will be excluded the next time your repository gets scanned.

Additional Tips

  • You may include comments in your .scanignore file - just start a line with `#`.
[Screenshot 2019-01-29 3.06.40 PM]

  • You may put your .scanignore files in different directories (max. 2) and they will be processed by the Code Scanner.

Another way to use .scanignore is to have two .scanignore files:

  1. .scanignore
[Screenshot 2019-01-29 3.06.40 PM]

  2. deploy/.scanignore
[Screenshot 2019-01-29 3.20.49 PM]

You may exclude more file patterns:

[Screenshot 2019-01-29 3.38.22 PM]
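
Every entry in a .scanignore removes code from analysis, so it is worth listing the active exclusions whenever these files change. The script below is an added example, not part of the Code Scanner or its documentation: it prints the non-comment entries of every .scanignore in a checkout without interpreting the patterns, and fails when more than two such files exist. It assumes "max. 2" above means two .scanignore files per repository; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list what a repository's .scanignore files exclude.
# Assumption: "max. 2" is read as at most two .scanignore files per repository.
MAX_SCANIGNORE_FILES=2

# Print every .scanignore under directory $1, skipping the .git directory.
list_scanignore_files() {
    find "$1" -name .git -prune -o -type f -name .scanignore -print | sort
}

# Print the active entries of file $1 as "<file>:<line>: <pattern>".
# Blank lines and comment lines (starting with '#') are dropped.
active_patterns() {
    awk -v f="$1" '
        { sub(/\r$/, "") }      # tolerate CRLF line endings
        /^[ \t]*$/ { next }     # blank line
        /^#/       { next }     # comment line
        { printf "%s:%d: %s\n", f, NR, $0 }
    ' "$1"
}

# Report all exclusions under $1 (default: current directory).
# Returns 1 when more .scanignore files exist than the limit allows.
audit_scanignore() {
    root=${1:-.}
    files=$(list_scanignore_files "$root")
    count=0
    if [ -n "$files" ]; then
        count=$(printf '%s\n' "$files" | wc -l | tr -d ' ')
    fi
    printf '%s\n' "$files" | while IFS= read -r f; do
        if [ -n "$f" ]; then active_patterns "$f"; fi
    done
    echo "scanignore files: $count (limit $MAX_SCANIGNORE_FILES)"
    [ "$count" -le "$MAX_SCANIGNORE_FILES" ]
}

# Run only when a repository path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_scanignore "$1" || exit 1
fi
```

Run it with the repository root as its argument, for example in a pre-merge check, and review the printed entries alongside the diff.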