Description
How to use the exclude locations in ScanCentral SAST to skip specific Azure DevOps files or folders during scans. Exclusions are case-sensitive and can be applied to both files and subfolders, with each exclusion listed on a separate line.
Solution
To exclude specific files or folders from scanning, follow these guidelines:
- Excludes Folders and Subfolders: The exclusion applies to the specified folder and all its subfolders.
- Supports File Exclusions: You can exclude specific files by entering their exact names.
- Case-Sensitive: Exclusions are case-sensitive. Ensure the exact case of folder/file names.
- Multiple Exclusions: Each exclusion must be entered on a separate line. For example:
    folder1
    fileToExclude.js
    excludeMe.java
This ensures that folder1, fileToExclude.js, and excludeMe.java will not be scanned.
Example of Use:
Suppose you have a project with the following folder structure:
If you wish to exclude:
- The /libs/ folder
- The test.js file inside /main/test/
- Any file in the /build/ folder
You would add the following entries to the Exclude Locations configuration:
This ensures that these files and folders will not be scanned.
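The following Python script is an added example, not part of this article and not the ScanCentral SAST extension's own code. It models the exclusion rules described above (one entry per line, case-sensitive matching, a folder entry covering all of its subfolders, a file name matched wherever it occurs) against a constructed repository listing, so you can check which paths an Exclude Locations value would actually skip before running a scan. The treatment of multi-component entries such as main/test/test.js as a contiguous run of path components is an assumption of this model.

```python
from pathlib import PurePosixPath

# Constructed sample repository listing (not taken from the article).
SAMPLE_TREE = [
    "main/app.js",
    "main/test/test.js",
    "main/test/helper.js",
    "libs/jquery.js",
    "libs/vendor/lodash.js",   # inside an excluded folder's subfolder
    "Libs/other.js",           # different case: NOT matched by "libs"
    "build/out.js",
    "build/tmp/cache.js",
    "src/fileToExclude.js",
    "src/deep/excludeMe.java",
    "src/Main.java",
]

# Constructed Exclude Locations value: one entry per line.
EXCLUDE_FIELD = """libs
main/test/test.js
build
fileToExclude.js
excludeMe.java
"""


def parse_exclude_field(text):
    """Split the field into entries: one per line, blank lines ignored,
    surrounding slashes dropped, case preserved (no lowercasing)."""
    entries = []
    for line in text.splitlines():
        entry = line.strip().strip("/")
        if entry:
            entries.append(entry)
    return entries


def is_excluded(path, entries):
    """Model of the described rules: an entry excludes a folder (and everything
    beneath it) or a file with that exact name, wherever it occurs in the tree.
    Comparison is case-sensitive. Assumption: an entry with several components
    must appear as a contiguous run of path components."""
    parts = PurePosixPath(path).parts
    for entry in entries:
        entry_parts = PurePosixPath(entry).parts
        n = len(entry_parts)
        for i in range(len(parts) - n + 1):
            if tuple(parts[i:i + n]) == tuple(entry_parts):
                return True
    return False


def apply_exclusions(tree, exclude_text):
    """Return (scanned, excluded) path lists for a tree and an Exclude value."""
    entries = parse_exclude_field(exclude_text)
    scanned = [p for p in tree if not is_excluded(p, entries)]
    excluded = [p for p in tree if is_excluded(p, entries)]
    return scanned, excluded


if __name__ == "__main__":
    scanned, excluded = apply_exclusions(SAMPLE_TREE, EXCLUDE_FIELD)
    print("Excluded from scan:")
    for p in excluded:
        print("  ", p)
    print("Still scanned:")
    for p in scanned:
        print("  ", p)
```

Note that Libs/other.js stays in the scanned list even though "libs" is excluded: that is the case-sensitivity pitfall the guidelines warn about, and it is the first thing to check when an exclusion appears not to take effect.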
Scenario 1: Multiple repositories opened in same pipeline.
Solution:
In the screenshot below, the project consists of two repositories: one for Java and another for .NET. This is just an example; the second repository or folder can be anything.
As shown in the screenshot below, the 'Exclude' field is located under 'Translation Options.' Any folder name and/or file name entered in this field will be excluded from scanning.
This field is case-sensitive, so file names or folder names should be entered exactly as they appear in the repository. Each file name or folder name should be entered on a new line, as shown in the image below. File names should include their extensions. Any file name or folder name entered in this field will be excluded from the scan, regardless of its location within the project folders or subfolders.
When this job is executed, the details of the 'Exclude' parameter can be observed in the job log, as shown in the screenshot below.
Scenario 2: As shown in the screenshot, the log indicates that the build file path is not provided. This task will always search for the build file in the root folder by default. Therefore, the build file name, along with its full path from the root folder, must be specified. For example: dotnet/xxxx.sln, as shown in the screenshot. In this case, the root folder is 'projects,' under which 'dotnet' is one of the repositories.
If more than one repository is present, any of the following approaches can be followed:
- Select 'DotNet' as the build tool for a .NET project and provide the full path of the build file for the repository to be built. Specify the other repository's folder name in the 'Exclude' field. This ensures that only one repository is built and scanned; the other folder is excluded from the scan.
- Select the build tool as 'None.' In this case, no repositories will be built, but all repositories will be scanned.