Learn how to use .scanignore to exclude specific code from being scanned.
There will always be parts of a codebase that do not need to be analyzed. They may add little to no value to the quality of the codebase, or they may not be something your developers maintain, so scanning them may produce inaccurate results.
Below are some recommendations for sections that users may want to exclude:
- Unit tests
- Generated code
- Third-party code you don’t maintain
- Code not related to your application
Through a .scanignore file, you can seamlessly exclude specific code from being scanned.
1. To get started, simply create a file named .scanignore in the root of your repository.
Here is an example repository:
2. Then, list the patterns you would like to exclude in the .scanignore file.
The Code Scanner recognizes patterns. Find out more about patterns at the bottom of this page!
For example, if you want to exclude all source files inside the folders ‘generated/’ and ‘deploy/scripts/’, your .scanignore would look like this:
3. Lastly, save the file.
If you have it locally, push your changes to GitHub so that those specified directories will be excluded the next time your repository gets scanned.
- You may include comments in your .scanignore file - just start a line with `#`.
- You may put your .scanignore files in different directories (max. 2) and they will be processed by the Code Scanner.
Another way to use .scanignore is to have two .scanignore files.
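To review what a .scanignore leaves unscanned before pushing it, the following added example (not the Code Scanner's own code, and not from the original page) lists which repository files the patterns from step 2 exclude. The matching rule is an assumption, since the scanner's pattern syntax is not shown here: a pattern ending in `/` is treated as a directory prefix from the repository root, anything else as a glob. The file list is constructed.

```python
from fnmatch import fnmatch


def parse_scanignore(text):
    """Return the patterns in a .scanignore body, skipping blank lines and # comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(line)
    return patterns


def is_excluded(path, patterns):
    """Assumed matching rule (not confirmed by the page):
    'dir/' excludes everything under that directory from the repo root,
    any other pattern is a shell-style glob matched against the whole path."""
    for pattern in patterns:
        if pattern.endswith("/"):
            if path.startswith(pattern):
                return True
        elif fnmatch(path, pattern):
            return True
    return False


def split_files(paths, patterns):
    """Split repository paths into (still scanned, excluded from scanning)."""
    excluded = [p for p in paths if is_excluded(p, patterns)]
    scanned = [p for p in paths if not is_excluded(p, patterns)]
    return scanned, excluded


# Constructed .scanignore using the two folders from the example in step 2.
SCANIGNORE = """\
# generated and deployment code we do not maintain
generated/
deploy/scripts/
"""

# Constructed file list standing in for the repository contents.
FILES = [
    "src/app/login.py",
    "generated/api_client.py",
    "deploy/scripts/release.sh",
    "deploy/config.yaml",
    "tests/test_login.py",
]

if __name__ == "__main__":
    scanned, excluded = split_files(FILES, parse_scanignore(SCANIGNORE))
    print("excluded from scan:", excluded)
    print("still scanned:", scanned)
```

Note that `deploy/config.yaml` stays in scope because only `deploy/scripts/` is listed; reviewing the excluded list in a pull request makes an overly broad pattern visible before it hides application code from the scanner.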
You may exclude more file patterns: