Exclusions

Configure what files and directories Azath should skip during scanning.

How Exclusions Work

Azath respects .gitignore by default. You can add additional exclusions in your azath.yaml config file.

Ignore Patterns

Use glob patterns to exclude files and directories:

# azath.yaml
exclude:
  # Dependencies
  - "**/node_modules/**"
  - "**/vendor/**"
  - "**/.venv/**"
  
  # Build outputs
  - "**/dist/**"
  - "**/build/**"
  - "**/.next/**"
  
  # Test files
  - "**/test/**"
  - "**/tests/**"
  - "**/*_test.go"
  - "**/*.test.js"
  
  # Test data
  - "**/testdata/**"
  - "**/fixtures/**"
  
  # Documentation
  - "**/docs/examples/**"

Allowlist

Mark known safe values to prevent false positives:

# azath.yaml
allowlist:
  # Example keys (exact match)
  - "sk-example-key-for-documentation"
  - "AKIAIOSFODNN7EXAMPLE"
  - "your-api-key-here"
  
  # Regex patterns
  - "^example_[a-z]+$"
  - "^test_key_[0-9]+$"
  - "^placeholder_.*$"

Common Patterns by Project Type

JavaScript/TypeScript

exclude:
  - "**/node_modules/**"
  - "**/dist/**"
  - "**/build/**"
  - "**/.next/**"
  - "**/*.min.js"
  - "**/coverage/**"
  - "**/__tests__/**"
  - "**/*.test.{js,ts,jsx,tsx}"

Go

exclude:
  - "**/vendor/**"
  - "**/testdata/**"
  - "**/*_test.go"
  - "**/mock/**"
  - "**/bin/**"

Python

exclude:
  - "**/__pycache__/**"
  - "**/.venv/**"
  - "**/venv/**"
  - "**/*.egg-info/**"
  - "**/tests/**"
  - "**/test_*.py"
  - "**/*_test.py"

Debugging Exclusions

See what files are being ignored:

azath scan-all --verbose --show-ignored

Test allowlist patterns:

azath config test-allowlist "your-string-here"