codescan 0.1.0

Fast, configurable source code security scanner
# codescan.toml — example configuration
# Copy to codescan.toml in your project root, or pass -c /path/to/config.toml

[rules]
# Rule IDs that are never reported. A disabled rule produces no finding at all,
# so treat each entry as a deliberate, reviewed trade-off rather than letting
# the list grow silently.
disabled = [
    # TODO/FIXME comment detection — too noisy for this codebase.
    "EXPLOIT015",
    # Hardcoded IP address detection — often legitimate here.
    "INFRA001",
]

# Per-rule severity overrides are not implemented yet. The table below is
# reserved for a future release and should stay commented out until then.
# [rules.severity_overrides]
# "SECRET010" = "error"   # Treat JWT tokens as errors

[exclude]
# Glob patterns that are skipped entirely, resolved relative to the scanned
# path. An excluded path yields no findings, so keep this list short and
# revisit it when the scope of the scan changes.
paths = [
    # Third-party code. Nothing under these paths is inspected by codescan,
    # so vendored and installed dependencies need their own supply-chain
    # (SCA) check to stay covered.
    "vendor/",
    "node_modules/",
    # Generated build output and minified bundles — not hand-written source.
    "*.min.js",
    "*.min.css",
    "dist/",
    "target/",
    # Repository metadata.
    ".git/",
    # Tests and fixtures. Test data is a common place for real credentials
    # to leak; narrow these patterns if secrets in test fixtures are in scope.
    "**/*_test.go",
    "testdata/",
]

[scanner]
# Largest file that is scanned, in bytes (default: 10 MiB). Files above this
# bound are not scanned, so a secret inside an oversized artifact would go
# unreported — raise the limit rather than relying on exclusions if large
# generated files must be covered. (Whether oversized files are skipped or
# truncated is not stated here; confirm against the scanner docs.)
max_file_size = 10_485_760

# Skip files that the null-byte probe classifies as binary (default: true).
skip_binary = true

# Flag high-entropy strings found near secret-related keywords (default: true).
# Turning this off likely drops credentials that no keyword rule names
# explicitly; prefer tuning the rule set over disabling the scan.
entropy_scan = true