We have a GitHub repository with code written in Golang. We vendor all dependencies so there's a big vendor folder in the root of the repo that contains 3rd-party dependencies. We don't want to scan this folder so we have .ldignore file in the root of the repository. The content of this file is:
Despite this fact, if I make a commit and add new files to the vendor folder, I can see that the tool scans such files:
DEBUG: 2023/01/20 14:47:48 git.go:305: Examining from file: FROM_PATH and to file: vendor/test/test.md
It seems that it scans only files that were added in the commit but doesn't scan the files that were there before the commit. (we run the tool with --lookback 1 parameter to scan only the last commit)
Tool version: 2.8.0
We have a GitHub repository with code written in Golang. We vendor all dependencies so there's a big
vendorfolder in the root of the repo that contains 3rd-party dependencies. We don't want to scan this folder so we have.ldignorefile in the root of the repository. The content of this file is:Despite this fact, if I make a commit and add new files to the
vendorfolder, I can see that the tool scans such files:DEBUG: 2023/01/20 14:47:48 git.go:305: Examining from file: FROM_PATH and to file: vendor/test/test.mdIt seems that it scans only files that were added in the commit but doesn't scan the files that were there before the commit. (we run the tool with --lookback 1 parameter to scan only the last commit)
Tool version: 2.8.0