1+ # a list of globs to exclude from scanning. same as --exclude ; for example:
2+ # exclude:
3+ # - "/etc/**"
4+ # - "./out/**/*.json"
5+ exclude :
6+ - ./.git/**
7+
8+ # maximum number of workers used to process the list of package catalogers in parallel
9+ parallelism : 3
10+
11+ # cataloging packages is exposed through the packages and power-user subcommands
12+ package :
13+ # search within archives that do contain a file index to search against (zip)
14+ # note: for now this only applies to the java package cataloger
15+ # SYFT_PACKAGE_SEARCH_INDEXED_ARCHIVES env var
16+ search-indexed-archives : true
17+ # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc)
18+ # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed
19+ # note: for now this only applies to the java package cataloger
20+ # SYFT_PACKAGE_SEARCH_UNINDEXED_ARCHIVES env var
21+ search-unindexed-archives : true
22+ cataloger :
23+ # enable/disable cataloging of packages
24+ # SYFT_PACKAGE_CATALOGER_ENABLED env var
25+ enabled : true
26+ # the search space to look for packages (options: all-layers, squashed)
27+ # same as -s ; SYFT_PACKAGE_CATALOGER_SCOPE env var
28+ scope : " squashed"
29+
30+ # cataloging file contents is exposed through the power-user subcommand
31+ file-contents :
32+ cataloger :
33+ # enable/disable cataloging of secrets
34+ # SYFT_FILE_CONTENTS_CATALOGER_ENABLED env var
35+ enabled : true
36+ # the search space to look for secrets (options: all-layers, squashed)
37+ # SYFT_FILE_CONTENTS_CATALOGER_SCOPE env var
38+ scope : " squashed"
39+ # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes)
40+ # SYFT_FILE_CONTENTS_SKIP_FILES_ABOVE_SIZE env var
41+ skip-files-above-size : 1048576
42+ # file globs for the cataloger to match on
43+ # SYFT_FILE_CONTENTS_GLOBS env var
44+ globs : []
45+
46+ # cataloging file metadata is exposed through the power-user subcommand
47+ file-metadata :
48+ cataloger :
49+ # enable/disable cataloging of file metadata
50+ # SYFT_FILE_METADATA_CATALOGER_ENABLED env var
51+ enabled : true
52+ # the search space to look for file metadata (options: all-layers, squashed)
53+ # SYFT_FILE_METADATA_CATALOGER_SCOPE env var
54+ scope : " squashed"
55+ # the file digest algorithms to use when cataloging files (options: "sha256", "md5", "sha1")
56+ # SYFT_FILE_METADATA_DIGESTS env var
57+ digests : ["sha256"]
58+
59+ # cataloging secrets is exposed through the power-user subcommand
60+ secrets :
61+ cataloger :
62+ # enable/disable cataloging of secrets
63+ # SYFT_SECRETS_CATALOGER_ENABLED env var
64+ enabled : true
65+ # the search space to look for secrets (options: all-layers, squashed)
66+ # SYFT_SECRETS_CATALOGER_SCOPE env var
67+ scope : " all-layers"
68+ # show extracted secret values in the final JSON report
69+ # SYFT_SECRETS_REVEAL_VALUES env var
70+ reveal-values : false
71+ # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes)
72+ # SYFT_SECRETS_SKIP_FILES_ABOVE_SIZE env var
73+ skip-files-above-size : 1048576
74+ # name-regex pairs to consider when searching files for secrets. Note: the regex must match single line patterns
75+ # but may also have OPTIONAL multiline capture groups. Regexes with a named capture group of "value" will
76+ # use the entire regex to match, but the secret value will be assumed to be entirely contained within the
77+ # "value" named capture group.
78+ additional-patterns : {}
79+ # names to exclude from the secrets search, valid values are: "aws-access-key", "aws-secret-key", "pem-private-key",
80+ # "docker-config-auth", and "generic-api-key". Note: this does not consider any names introduced in the
81+ # "secrets.additional-patterns" config option.
82+ # SYFT_SECRETS_EXCLUDE_PATTERN_NAMES env var
83+ exclude-pattern-names : []
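Review bot: The two comments on the `file-contents` cataloger (new-file lines 33 and 36) are copied from the `secrets` section and describe the wrong feature, saying "cataloging of secrets" and "look for secrets" although the keys below them control file-contents cataloging. I would change them to `# enable/disable cataloging of file contents` and `# the search space to look for file contents (options: all-layers, squashed)`. The `secrets` section should also say why its scope is `all-layers` while the other catalogers use `squashed`, presumably so that a secret deleted in a later layer is still reported. The `skip-files-above-size` comment at line 71 should add that files over the limit are not searched at all, so an empty secrets report does not cover them.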