Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: default ignore file value #1269

Merged
merged 4 commits into from
Sep 15, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion docs/_data/bearer_ignore_add.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand All @@ -44,7 +45,7 @@ options:
default_value: "false"
usage: Disable color in output
example: |-
# Add an ignored fingerprint to your bearer.ignore file
# Add an ignored fingerprint to your ignore file
$ bearer ignore add <fingerprint> --author Mish --comment "Possible false positive"
see_also:
- ' ignore - Manage ignored fingerprints'
Expand Down
6 changes: 3 additions & 3 deletions docs/_data/bearer_ignore_migrate.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
name: ' ignore migrate'
synopsis: |
Migrate ignored fingerprints from bearer.yml to bearer.ignore
synopsis: Migrate ignored fingerprints from bearer.yml to ignore file
usage: ' ignore migrate [flags]'
options:
- name: api-key
Expand Down Expand Up @@ -28,6 +27,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand All @@ -36,7 +36,7 @@ options:
default_value: "false"
usage: Disable color in output
example: |-
# Migrate existing ignored (excluded) fingerprints from bearer.yml file to bearer.ignore
# Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file
$ bearer ignore migrate
see_also:
- ' ignore - Manage ignored fingerprints'
Expand Down
1 change: 1 addition & 0 deletions docs/_data/bearer_ignore_pull.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand Down
3 changes: 2 additions & 1 deletion docs/_data/bearer_ignore_remove.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand All @@ -32,7 +33,7 @@ options:
default_value: "false"
usage: Disable color in output
example: |-
# Remove an ignored fingerprint from your bearer.ignore file
# Remove an ignored fingerprint from your ignore file
$ bearer ignore remove <fingerprint>
see_also:
- ' ignore - Manage ignored fingerprints'
Expand Down
3 changes: 2 additions & 1 deletion docs/_data/bearer_ignore_show.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand All @@ -35,7 +36,7 @@ options:
default_value: "false"
usage: Disable color in output
example: |-
# Show the details of an ignored fingerprint from your bearer.ignore file
# Show the details of an ignored fingerprint from your ignore file
$ bearer ignore show <fingerprint>
see_also:
- ' ignore - Manage ignored fingerprints'
Expand Down
1 change: 1 addition & 0 deletions docs/_data/bearer_scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: internal-domains
default_value: '[]'
Expand Down
1 change: 1 addition & 0 deletions docs/_data/bearer_version.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ options:
default_value: my.bearer.sh
usage: Specify the Host for sending the report.
- name: ignore-file
default_value: bearer.ignore
usage: Load ignore file from the specified path.
- name: log-level
default_value: info
Expand Down
12 changes: 6 additions & 6 deletions docs/guides/bearer-cloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -95,19 +95,19 @@ Bearer Cloud automatically captures any scans run with a valid `api-key`. Subseq

### Ignored findings in Bearer Cloud

When a valid `api-key` is present, the very first scan of a project reads ignored fingerprints from the bearer.ignore file and subsequently creates ignored findings for these in the Cloud, including status and comments (if present). A finding has "False Positive" status in the Cloud if its corresponding bearer.ignore entry is a false positive (`false_positive: true`); otherwise, it has the status "Allowed".
When a valid `api-key` is present, the very first scan of a project reads ignored fingerprints from the ignore file and subsequently creates ignored findings for these in the Cloud, including status and comments (if present). A finding has "False Positive" status in the Cloud if its corresponding ignore file entry is a false positive (`false_positive: true`); otherwise, it has the status "Allowed".

After the initial scan, the Cloud is taken as the source of truth for ignored fingerprints. If there are new entries added to the bearer.ignore file, in most cases, these are sent to the Cloud on subsequent scans, and the corresponding Cloud findings are updated to "False Positive" or "Allowed" status accordingly.
After the initial scan, the Cloud is taken as the source of truth for ignored fingerprints. If there are new entries added to the ignore file, in most cases, these are sent to the Cloud on subsequent scans, and the corresponding Cloud findings are updated to "False Positive" or "Allowed" status accordingly.

However, it is important to note that the Cloud state is always prioritized over the contents of the bearer.ignore file. If a finding is already ignored in the Cloud, and then added to the bearer.ignore file, its Cloud status and comments are unchanged by subsequent scans. Similarly, if an ignored finding is re-opened in the Cloud, and then added to the bearer.ignore file, its Cloud status remains "Open". That is, re-opened findings can only be re-ignored again from the Cloud.
However, it is important to note that the Cloud state is always prioritized over the contents of the ignore file. If a finding is already ignored in the Cloud, and then added to the ignore file, its Cloud status and comments are unchanged by subsequent scans. Similarly, if an ignored finding is re-opened in the Cloud, and then added to the ignore file, its Cloud status remains "Open". That is, re-opened findings can only be re-ignored again from the Cloud.

Furthermore, if an ignored finding is later re-opened in the Cloud, any corresponding bearer.ignore entry is not automatically removed. Over time, then, the bearer.ignore file may become out-of-sync with the Cloud state. To remedy this, and align the bearer.ignore file with what is in the Cloud, use the following action:
Furthermore, if an ignored finding is later re-opened in the Cloud, any corresponding ignore entry is not automatically removed. Over time, then, the ignore file may become out-of-sync with the Cloud state. To remedy this, and align the ignore file with what is in the Cloud, use the following action:

```bash
bearer ignore pull project-folder --api-key=XXXXXXXX
```

This action overwrites the current bearer.ignore file (including any new additions not yet sent to the Cloud) with all ignored findings from the Cloud, including status, comments, and author information.
This action overwrites the current ignore file (including any new additions not yet sent to the Cloud) with all ignored findings from the Cloud, including status, comments, and author information.

## Jira integration

Expand All @@ -124,7 +124,7 @@ You have two ways to use the Jira Integration:
2. Link a finding to an existing Jira ticket.
![Link Jira Ticket](/assets/img/jira-integration/link.png)

Once a finding is associated with a Jira ticket, you can quickly see it in the interface, view the ticket status and go to the ticket.
Once a finding is associated with a Jira ticket, you can quickly see it in the interface, view the ticket status and go to the ticket.

![View Jira Ticket](/assets/img/jira-integration/view.png)

Expand Down
2 changes: 1 addition & 1 deletion docs/guides/configure-scan.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ To ignore this finding, run: bearer ignore add 4b0883d52334dfd9a4acce2fcf810121_
...
```

If a finding is not relevant, you can ignore it automatically from future scans using the ```bearer ignore add``` command. This adds the finding's fingerprint to your bearer.ignore file. You can also provide optional author information or a comment:
If a finding is not relevant, you can ignore it automatically from future scans using the ```bearer ignore add``` command. This adds the finding's fingerprint to your ignore file. You can also provide optional author information or a comment:

```bash
bearer ignore add 4b0883d52334dfd9a4acce2fcf810121_0 \
Expand Down
2 changes: 1 addition & 1 deletion e2e/flags/.snapshots/TestMetadataFlags-help-scan
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
2 changes: 1 addition & 1 deletion e2e/flags/.snapshots/TestMetadataFlags-scan-help
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ General Flags
--config-file string Load configuration from the specified path. (default "bearer.yml")
--debug Enable debug logs. Equivalent to --log-level=debug
--disable-version-check Disable Bearer version checking
--ignore-file string Load ignore file from the specified path.
--ignore-file string Load ignore file from the specified path. (default "bearer.ignore")
--log-level string Set log level (error, info, debug, trace) (default "info")
--no-color Disable color in output

Expand Down
2 changes: 1 addition & 1 deletion internal/commands/artifact/run.go
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ func getIgnoredFingerprints(client *api.API, settings settings.Config) (
staleIgnoredFingerprintIds []string,
err error,
) {
localIgnoredFingerprints, _, err := ignore.GetIgnoredFingerprints(settings.IgnoreFile, &settings.Target)
localIgnoredFingerprints, _, _, err := ignore.GetIgnoredFingerprints(settings.IgnoreFile, &settings.Target)
if err != nil {
return useCloudIgnores, ignoredFingerprints, staleIgnoredFingerprintIds, err
}
Expand Down
Loading
Loading