Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Multi-factor Authentication
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
      • Conan support
      • GCC / CLANG (Linux)
      • Visual Studio / CL (Windows)
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page
  • Excluding folders
  • Including folders
  • Glob modifiers

Was this helpful?

  1. Codebase scanner
  2. General operations

Excluding (and including) specific folders

The standard behaviour for the Meterian client is to consider the folder where it's pointed to a project. It will look for any (supported) manifest files in such folder and will activate automatically the correct analysers. The inner folder structure is indeed opaque to the scanner, which relies on the declarations in the manifest files themselves.

Some analyzers, however, can also work recursively, looking into subfolders of the current folder. This happens with Java/Ant, Dotnet, Golang, NodeJS and others. For that reason sometimes you may need to explicitly exclude or include folders, especially in complex projects.

Excluding folders

This behaviour can be controlled across all scanners that are using it providing a set of excluded folders that such analysers will not visit, using the parameter --exclude-folders as in this example, when we exclude all the "samples" folder/subfolders:

--exclude-folders=**/samples**

The ** works across directories, while * is the general wildcard. These options allows to exclude multiple paths by separating them with a comma as in the example

--exclude-folders="**/foo**,**/baz**"

Please note that if no "glob" modifiers are used, then the system automatically translates into the above format, so that --exclude-folders=foo is equivalent to --exclude-folders="**/foo**

Note: by default hidden folders are excluded, this behaviour is achieved by having the internal glob *** set as the default value of the --exclude-folders flag. Should you want to retain this behaviour while adding your own glob patterns, simply add *** following the usual comma.

Including folders

In the same way, it's also possible to include folders, which will take precedence above any exclusion:

--include-folders="**/src**,**/main**"

Glob modifiers

These are known as "glob" patterns. This is how they are defined

  • Wildcard characters:

    • *: Matches any number of characters (including zero).

    • ?: Matches exactly one character.

    • [...]: Matches any single character within the brackets.

    • [!...]: Matches any single character not within the brackets.

  • Character classes:

    • [a-z]: Matches any lowercase letter.

    • [A-Z]: Matches any uppercase letter.

    • [0-9]: Matches any digit.

    • [:alpha:]: Matches any alphabetic character.

    • [:digit:]: Matches any digit.

    • [:alnum:]: Matches any alphanumeric character.

    • [:punct:]: Matches any punctuation character.

    • [:space:]: Matches any whitespace character.

  • Path separators:

    • /: Used on Unix-like systems.

    • \: Used on Windows.

  • Recursive matching:

    • **/: Matches any number of directories.

  • Internal:

    • ***: Matches hidden folders (whatever content within a top level hidden folder will be considered hidden as well; be it individual files or nested folders and their files)

PreviousForcing or avoiding specific scansNextConnecting through a proxy

Last updated 7 months ago

Was this helpful?