You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Honor ignore files and exclude tests from scans (#5)
* feat: honor ignore files and test exclusions
* fix: bound score penalties by issue density
* feat: report aggregate comment line stats
* feat: classify comment and code line stats
* feat: report deterministic scan state
Copy file name to clipboardExpand all lines: CHANGELOG.md
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,6 +2,14 @@
2
2
3
3
## Unreleased
4
4
5
+
- Parse `.gitignore`, `.ignore`, and `.git/info/exclude` during working-tree scans.
6
+
- Add `--exclude-tests` to skip well-known test-case paths from aggregate scan analysis.
7
+
- Replace the linear score deduction with a bounded issue-density curve so noisy large repositories do not collapse to zero.
8
+
- Add aggregate code/blank/comment-only/inline-comment line statistics to scan and diff reports, and use code lines for issue-density scoring when available.
9
+
- Add explicit scan and diff status, regression, threshold, and incomplete-report metadata.
10
+
- Count files skipped due to size or per-file analysis budget, and mark affected reports incomplete.
11
+
- Stream blob analysis so scans retain aggregate facts instead of repository-wide raw blob contents.
Copy file name to clipboardExpand all lines: README.md
+43-2Lines changed: 43 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,6 +52,9 @@ scanner scan .
52
52
# Emit aggregate JSON
53
53
scanner scan . --json
54
54
55
+
# Exclude well-known test files and test directories
56
+
scanner scan . --exclude-tests
57
+
55
58
# Detect languages and module roots
56
59
scanner detect .
57
60
@@ -92,17 +95,35 @@ code-signal detects and analyzes these languages with built-in lexical/parser ch
92
95
93
96
Detection uses extensions, shebangs, and common manifests such as `go.mod`, `package.json`, `pyproject.toml`, `Cargo.toml`, `pom.xml`, Gradle files, `.csproj`, `.sln`, `composer.json`, `Gemfile`, `Dockerfile`, `Containerfile`, and `*.dockerfile`.
94
97
98
+
## Aggregate line statistics
99
+
100
+
Scan JSON includes `lines_scanned`, `blank_lines`, `code_lines`, `comment_lines`, `comment_only_lines`, `inline_comment_lines`, and `comment_density_percent`. The same aggregate fields are reported for `totals`, `by_language`, and `by_module`; diff JSON includes before/after/delta values under `totals_delta`.
101
+
102
+
`lines_scanned` is physical scanned lines. `code_lines` excludes blank lines and comment-only lines, but keeps lines that contain code plus an inline comment. The score model uses `code_lines` when available and falls back to physical lines for older reports.
103
+
104
+
Comment detection is lexical and language-aware for supported languages: it recognizes `//`, `#`, `/* ... */`, Rust nested block comments, Ruby `=begin`/`=end`, and standalone Python triple-quoted doc/comment blocks where those forms are valid. It ignores common markers inside quoted strings/raw strings/template literals and JavaScript/TypeScript regex literals, and never emits per-file locations or source snippets.
105
+
106
+
## Ignore files, test exclusion, and skip policy
107
+
108
+
Working-tree scans parse `.gitignore`, `.ignore`, and `.git/info/exclude` using gitignore-style rules before reading candidate files.
109
+
110
+
Pass `--exclude-tests` to `scan` or `diff` to skip well-known test-case paths from aggregate analysis. The built-in defaults cover common Go (`*_test.go`, `testdata`), Java (`src/test/**`, `*Test.java`, `*Tests.java`, `*IT.java`), Python (`tests/**`, `test_*.py`, `*_test.py`, `conftest.py`), TypeScript/JavaScript (`__tests__/**`, `*.test.*`, `*.spec.*`, `cypress/**`, `playwright/**`, `e2e/**`), and Rust (`tests/**`, `benches/**`, `*_test.rs`) conventions.
111
+
112
+
Built-in skips still apply for common dependency, generated, build, coverage, and minified paths such as `node_modules`, `vendor`, `target`, `dist`, `build`, `.next`, `coverage`, `third_party`, `generated`, `gen`, `*.min.js`, `*.min.css`, `*.pb.go`, and `*_generated.go`.
113
+
95
114
## Configuration
96
115
97
116
Configuration is optional. If present, `scanner.json` is loaded from the scanned repository root or from `--config`.
98
117
99
118
```json
100
119
{
101
120
"scan": {
102
-
"default_timeout_seconds": 30,
121
+
"default_timeout_seconds": 0,
122
+
"max_file_analysis_ms": 2000,
103
123
"max_file_bytes": 1048576,
104
124
"follow_symlinks": false,
105
-
"workers": 0
125
+
"workers": 0,
126
+
"exclude_tests": false
106
127
},
107
128
"score": {
108
129
"fail_under": 75,
@@ -120,6 +141,26 @@ Configuration is optional. If present, `scanner.json` is loaded from the scanned
120
141
121
142
Unknown config fields and trailing JSON values are rejected.
122
143
144
+
`scan.default_timeout_seconds` is disabled by default; use `--timeout` or set a
145
+
positive value when a whole-command emergency brake is needed. Files larger than
146
+
`scan.max_file_bytes` are skipped before content is read. Files whose built-in
147
+
analysis exceeds `scan.max_file_analysis_ms` are skipped after the bounded
148
+
attempt. These are included in `totals.files_skipped_due_to_size` or
149
+
`totals.files_skipped_due_to_timeout`. When this happens, scan and diff reports
150
+
set `incomplete: true`, so the score is clearly a quick optimistic signal over
151
+
the scanned subset.
152
+
153
+
## Score model
154
+
155
+
The score is a bounded weighted issue-density signal, not a SonarQube debt rating:
Error caps still apply after density scoring: any error caps the score at `89`, and five or more errors cap it at `69`. Bands are `excellent` for `90+`, `good` for `75-89`, `needs work` for `50-74`, and `poor` below `50`.
163
+
123
164
## Privacy and output contract
124
165
125
166
Reports are aggregate-only. Facts and report JSON do not include file paths, line/column coordinates, snippets, clone groups, per-file findings, or source text. The scanner reads local files and local git objects only; it performs no telemetry, update checks, remote rule downloads, package installs, or network calls.
0 commit comments