Excluding files from analysis | Fluid Attacks Help

Excluding files from analysis

You can exclude specific files or directories from the smells analysis by creating an exclusion file in the root of your repository. The integration supports two exclusion file formats:

Using the .smellsignore file

Create a file named .smellsignore in the root directory of your repository. This file uses pattern matching (similar to .gitignore) to exclude files from analysis.

Example

*.pyc
__pycache__
*.log
node_modules/
tests/
dist/
build/
*.min.js

Using the smells-exclude.txt file

Alternatively, you can create a file named smells-exclude.txt in the root directory of your repository with the same pattern format.

Example

*.pyc
__pycache__
*.log
node_modules/
Notes
Note: If both files exist, .smellsignore takes priority over smells-exclude.txt.

Pattern matching rules

The exclusion patterns support the following matching rules:
  1. Wildcards: Use * to match any sequence of characters
  2. *.pyc matches all files ending with .pyc
  3. test_*.py matches files starting with test_ and ending with .py
  4. Directory exclusion: Patterns ending with / or matching directory names exclude entire directories
  5. node_modules/ excludes the entire node_modules directory
  6. tests/ excludes the entire tests directory
  7. Path matching: Patterns can match relative paths from the repository root
  8. src/legacy/* excludes all files in src/legacy/ - config/local.* excludes files like config/local.yaml, config/local.json
  9. Comments: Lines starting with # are treated as comments and ignored
  10. Empty lines: Empty lines are ignored

Example of .smellsignore with comments

# Compiled Python files
*.pyc
__pycache__

# Log files
*.log

# Dependencies
node_modules/

# Test files (optional - uncomment if you want to exclude tests)
# tests/

# Build artifacts
dist/
build/

Files matching any pattern in the exclusion file will be skipped during the security analysis, reducing false positives from generated code, dependencies, or test files.