Merge pull request #1096 from GitGuardian/agateau/docker-scan-usr-src-app

sevbch · web-flow · commit d518ac67e433 · 2025-05-14T17:01:44.000+02:00
Make `scan docker` scan files in /usr/src/app
diff --git a/changelog.d/20250514_134109_aurelien.gateau_docker_scan_usr_src_app.md b/changelog.d/20250514_134109_aurelien.gateau_docker_scan_usr_src_app.md
@@ -0,0 +1,3 @@
+### Changed
+
+- `ggshield secret scan docker` now scans files in `/usr/src/app`.
diff --git a/ggshield/verticals/secret/docker.py b/ggshield/verticals/secret/docker.py
@@ -33,7 +33,7 @@
     from ggshield.core.scan import ScanContext
 
 FILEPATH_BANLIST = [
-    r"^/?usr/(?!share/nginx)",
+    r"^/?usr/(?!share/nginx|src/app)",
     r"^/?lib/",
     r"^/?share/",
     r"^/?bin/",
diff --git a/tests/unit/cmd/scan/test_docker.py b/tests/unit/cmd/scan/test_docker.py
@@ -35,6 +35,7 @@ class TestDockerUtils:
             ["/my/file/secret.py", set(), True],
             ["/my/file/usr/bin/secret.py", set(), True],
             ["/usr/share/nginx/secret.py", set(), True],
+            ["/usr/src/app/secret.py", set(), True],
             ["/gems/secret.py", set(), True],
             ["/npm-bis/secret.py", set(), True],
             ["/banned/extension/secret.exe", set(), False],

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+### Changed`
	`2`	`+`
	`3`	+- `ggshield secret scan docker` now scans files in `/usr/src/app`.