Update directory exclusion info#1706
Closed
cpottsbd wants to merge 110 commits into
Closed
Conversation
…TECT-5056-cargo-version-sanitization-bugfix-SNAPSHOT
Update directory exclusion info
shantyk
approved these changes
Apr 1, 2026
karolynbd
reviewed
Apr 1, 2026
| | `/projectRoot/d*/*` | /projectRoot/dir/foo & /projectRoot/directory/bar | | | ||
| | Value | Excluded | Not Excluded | Notes | | ||
| |--------------------|-----------------------------------------------------------------|---------------------------------|----------------------------------------------| | ||
| | `foo/bar` | `/projectRoot/foo/bar` | `/projectRoot/dir/foo/bar` | Excludes directories at any depth | |
Collaborator
There was a problem hiding this comment.
Seems like the "Notes" and the "Not Excluded" columns contradict each other.
Contributor
Author
There was a problem hiding this comment.
Hopefully the latest push sorts that out? (It did not.)
Update
… dependency scans
…ETECT-5056-cargo-version-sanitization-bugfix Fix cargo version parsing for caret, tilde, and pre-release versions
* poc for correlated scanning endpoint * fix hardcoding and other bugs * adjust accept header * disable binary scans * no version is okay in component detection * Release 11.4.0-SIGQA1-dterry.IDETECT-4817-correlated-scans * Using the next snapshot post release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans-SNAPSHOT * pass correlation decisions to signature scans * properly check package manager scans * standardize package manager checks * Release 11.4.0-SIGQA2-dterry.IDETECT-4817-correlated-scans * Using the next snapshot post release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans-SNAPSHOT * new server properties section * boolean logging * Update tomlj library to latest version * Resolve the antlr conflict with other dependency * Upgrade antlr version * Upgrade antlr version * add test * Update NpmCliParser.java use actualName * Release 11.4.0-SIGQA3-dterry.IDETECT-4817-correlated-scans * Using the next snapshot post release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans-SNAPSHOT * added release note * Release 11.4.0-SIGQA9 * Using the next snapshot post release 11.4.0-SIGQA10-SNAPSHOT * safety addition for stateless and finalize mime type * Migrate Bitbake to use graphviz library * Release 11.4.0-SIGQA10-devm.IDETECT-5058 * add server properties to status.json * Using the next snapshot post release 11.4.0-SIGQA11-devm.IDETECT-5058-SNAPSHOT * Update currentreleasenotes.md * Release 11.4.0-SIGQA4-dterry.IDETECT-4817-correlated-scans * Using the next snapshot post release 11.4.0-SIGQA5-dterry.IDETECT-4817-correlated-scans-SNAPSHOT * Update commonproblems.md * Update DetectProperties.java * Update currentreleasenotes.md remove this change imported from another PR (Will get covered under that PR) * Update commonproblems.md * code review updates * further code review improvements * fix output to show only actual values * Update commonproblems.md fix typo * Release 11.4.0-SIGQA10 * Using the next snapshot post release 11.4.0-SIGQA11-SNAPSHOT * Release 11.4.0-SIGQA11-devm.IDETECT-5058 * Release 11.4.0-SIGQA12-devm.IDETECT-5058 * Release 11.4.0-SIGQA11-devm.IDETECT-5058 * Using the next snapshot post release 11.4.0-SIGQA12-devm.IDETECT-5058-SNAPSHOT * Check if correlation scanning was enabled for fallback scenario * Add doc changes for previous tickets * Address review comment * Address review comment * feat(bazel): faster discovery path for HTTP-archive family repositories in Bzlmod projects (Bazel 7.1+) (#1709) * Update currentreleasenotes.md * Update currentreleasenotes.md * Update commonproblems.md * Release 11.4.0-SIGQA12 * Using the next snapshot post release 11.4.0-SIGQA13-SNAPSHOT * Add support for .slnx files in NuGet Solution Native Inspector (#1688) * Add support for .slnx files in NuGet Solution Native Inspector * Release notes * WIP chnages * Remove comments and whitespace in diff * rev bouncy castle and plexutil libs * (fix/refactor): Remove unnecessary calls to Notification APIs (IDETECT-4992) (#1708) * Notification APIs: remove unnecessary calls * Don't wait at BOM level for IAC or impact analysis scans since we cannot check their completion status via notifications or bom status. This is existing behaviour, setting wait to true was a noop. * Refactor Impact Analysis upload operation to createCodeLocationsWithoutNotificationTaskRange. Prevents call to notifications API for which the results were never used downstream, CodeLocationCreationData's NotificationTaskRange is null. * Latest IntelligentModeStepRunner changes * Pkg mngr and signature updates * Testing for regressions * Remove unused impact analysis related methods * Remove unused ImpactAnalysisToolResult class * Deprecate shouldWaitAtScanLevel since it simply checks if a server version exists and is at least 2023.1.1 which has reached end of service. * Update bd-common version with soon to be released lib version * Propogate removal of shouldWaitAtScanLevel to signature scanner * Remove prescass pkg mngr BDIO code location upload from being considered a waitable (via notifications). * Minor updates * Rename back to uploadBdioFiles * Clean up comments * Revert changes to waitable signature scanner code loctaion * Remove comments in signaturescansteprunner * Add missed method update for binary upload * Remove NotificationTaskRange param from WaitableCodeLocationData constructor as it is no longer used. * Fix whitespace in diff * Fix method rename issue after rebase * Fix regression wrt correlated scanning. Correlated scan count calculations are tightly coupled with the legacy idea of a waitable code location. * Bump bd-common version 68.0.0 * Release 11.4.0-SIGQA13 * Using the next snapshot post release 11.4.0-SIGQA14-SNAPSHOT * Release 11.4.0-SIGQA14 * Using the next snapshot post release 11.4.0-SIGQA15-SNAPSHOT * Release 11.5.0-SIGQA2-shanty.merge_11.4.z_to_main * Using the next snapshot post release 11.5.0-SIGQA3-shanty.merge_11.4.z_to_main-SNAPSHOT --------- Co-authored-by: dterrybd <dterry@blackduck.com> Co-authored-by: blackduck-serv-builder <serv-builder@blackducksoftware.com> Co-authored-by: dterrybd <103214400+dterrybd@users.noreply.github.com> Co-authored-by: devmehtabd <devmehta@blackduck.com> Co-authored-by: cpottsbd <36172712+cpottsbd@users.noreply.github.com> Co-authored-by: Dev Mehta <128397570+devmehtabd@users.noreply.github.com> Co-authored-by: Samrat Mukherjee <samratmuk@blackduck.com>
Contributor
|
@cpottsbd @karolynbd Here are the exclusion test results (apologies for the delay): 
Given the above test project structure and the following values for detect.excluded.directories (note all search depths were at their default values): But if I set depths to higher: 
|
…71-sbt-evictions-fix-SNAPSHOT
* include quack patch output directory as part of diagnostic zip * do not fail diagnostic zip creation if quack patch output dir cannot be copied * trim the dir before processing * set detect.quack.patch.output property as deprecated
…tection" section in Bazel docs (#1776)
…71-sbt-evictions-fix IDETECT-5071: Fix SBT dependency eviction handling
…#1774) * Typo fixes * Replace centos examples and add explanation for deprecation * Remove examples using centos * Deprecate DI external property for centos port * Final touches on docs * Add small warning in console logs when DI is invoked * Fix location of warning in console * Address review comments
…1725) * (fix) setuptools: Handle invalid setup.py install_requires sections * Update release notes * Update docs, add tests and refactor egex matching * Get rid of whitespace in diff * Whitespace * Whitespace * More whitespace fixes * Handle commented out lines in setup.py and add two test cases for the same * Address review comment regarding order of null check to prevent NPE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update directory exclusion info and clean up tables