Documentation
Overview
Package baseline provides functionality to track and suppress known findings.
Constants
const DefaultBaselineFile = ".gosecretscanner-baseline.json"
DefaultBaselineFile is the default baseline file name.
Variables
This section is empty.
Functions
func Fingerprint
Fingerprint generates a unique identifier for a finding. The fingerprint is based on: file path, rule ID, and the secret value. Line numbers are NOT included since they drift as code changes.
func SecretHash
SecretHash generates a hash of the secret value for verification.
Types
type Baseline
type Baseline struct {
	Version string  `json:"version"`
	Entries []Entry `json:"entries"`
	// contains filtered or unexported fields
}
Baseline holds all known/accepted findings.
func Load
Load reads a baseline from the specified file. Returns an empty baseline if the file doesn't exist.
func (*Baseline) IsBaselined
IsBaselined checks if a finding (by path, rule, secret) is in the baseline.
type Entry
type Entry struct {
	Fingerprint string `json:"fingerprint"`      // Unique identifier for this finding
	FilePath    string `json:"file"`             // Relative file path
	LineNumber  int    `json:"line"`             // Original line number (may drift)
	RuleID      string `json:"rule_id"`          // Rule that triggered this finding
	SecretHash  string `json:"secret_hash"`      // SHA256 of the secret value (for verification)
	Reason      string `json:"reason,omitempty"` // Why this was baselined (optional)
}
Entry represents a single finding in the baseline.
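The matching behaviour described for Fingerprint, SecretHash and IsBaselined, as an added example that is not the package's own code. The hash construction inside fingerprint, the helper names (entry, accept, inBaseline), the rule ID and the sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// entry keeps the Entry fields this example needs (field names from this page).
type entry struct {
	Fingerprint, FilePath, RuleID, SecretHash string
	LineNumber                                int
}

// secretHash is the SHA-256 of the secret value, hex-encoded.
func secretHash(secret string) string {
	sum := sha256.Sum256([]byte(secret))
	return hex.EncodeToString(sum[:])
}

// fingerprint is an ASSUMED construction: path, rule ID and secret, no line number.
func fingerprint(path, ruleID, secret string) string {
	h := sha256.New()
	for _, p := range []string{path, ruleID, secret} {
		fmt.Fprintf(h, "%d:%s", len(p), p) // length prefix: ("a","bc") != ("ab","c")
	}
	return hex.EncodeToString(h.Sum(nil))
}

// accept records a finding as known; the line number is kept for readers only.
func accept(path string, line int, ruleID, secret string) entry {
	return entry{fingerprint(path, ruleID, secret), path, ruleID, secretHash(secret), line}
}

// inBaseline matches on fingerprint and secret hash, never on line number.
func inBaseline(entries []entry, path, ruleID, secret string) bool {
	fp, sh := fingerprint(path, ruleID, secret), secretHash(secret)
	for _, e := range entries {
		if e.Fingerprint == fp && e.SecretHash == sh {
			return true
		}
	}
	return false
}

func main() {
	base := []entry{accept("config/dev.env", 12, "generic-api-key", "test-key-0000")} // constructed sample
	fmt.Println(inBaseline(base, "config/dev.env", "generic-api-key", "test-key-0000")) // true: same secret, any line
	fmt.Println(inBaseline(base, "config/dev.env", "generic-api-key", "live-key-9999")) // false: new secret, same file
}
```

Because the secret value is part of the fingerprint, an accepted entry suppresses only that exact secret in that file under that rule; a different secret on the same line is still reported.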