Excluding files from analysis
Last updated: Feb 5, 2026
You can exclude specific files or directories from the security analysis by creating an exclusion file in the root of your repository. The integration supports two exclusion file formats:
Using the .fluidattacksignore file
Create a file named .fluidattacksignore in the root directory
of your repository.
This file uses pattern matching (similar to .gitignore)
to exclude files from analysis.
Example
*.pyc
__pycache__
*.log
node_modules/
tests/
dist/
build/
*.min.jsUsing the fluidattacks-exclude.txt file
Alternatively,
you can create a file named fluidattacks-exclude.txt
in the root directory of your repository with the same pattern format.
Example
*.pyc
__pycache__
*.log
node_modules/If both files exist, .fluidattacksignore takes priority over
fluidattacks-exclude.txt.
Pattern matching rules
The exclusion patterns support the following matching rules:
- Wildcards:
Use
*to match any sequence of characters *.pycmatches all files ending with.pyctest_*.pymatches files starting withtest_and ending with.py- Directory exclusion:
Patterns ending with
/or matching directory names exclude entire directories node_modules/excludes the entirenode_modulesdirectorytests/excludes the entiretestsdirectory- Path matching: Patterns can match relative paths from the repository root
src/legacy/*excludes all files insrc/legacy/config/local.*excludes files likeconfig/local.yamlandconfig/local.json- Comments:
Lines starting with
#are treated as comments and ignored - Empty lines: Empty lines are ignored
Example of .fluidattacksignore with comments
# Compiled Python files
*.pyc
__pycache__
# Log files
*.log
# Dependencies
node_modules/
# Test files (optional - uncomment if you want to exclude tests)
# tests/
# Build artifacts
dist/
build/Files matching any pattern in the exclusion file will be skipped during the security analysis, reducing false positives from generated code, dependencies, or test files.