Iacbot uses a file
.soluble/config.yml in the root of your repository to control how iacbot runs.
The values in this file will override the defaults, so there is no need to specify all values in each repo. You can just add the values that you want to override.
## Not all values need to be explicitly set. # Should IacBot update your PR Status Check pr_status_enabled: true # Maxium allowable findings, above which # PR status check will fail pr_status_thresholds: critical: 0 high: 0 medium: 999 low: 999 ## Force the status check to pass. Checks will still be run. ## Effectively the same as raising thresholds to high values. pr_status_force_pass_enabled: false ## Set to true if you want IacBot to add PR comments pr_comments_enabled: true ## If set to true, a PR comment will be added, even if ## the status check passes. pr_comments_on_passed_check_enabled: false
Other configuration options available are
ignore directive takes a list of strings, which are interpreted using gitignore syntax.
ignore: - "test/**" - "some-other-file"
Note: Currently this directive only applies to assessments uploaded to Soluble. The ignore directive will not be applied to local CLI output.
suppress directive takes a list of strings that are matched against the
sid for a particular finding.
suppress: - "sid-1" - "sid-2"
Note: Currently this directive only applies to assessments uploaded to Soluble. The
suppress directive will not be applied to local CLI output.
Soluble users can also do adhoc triggering of Iacbot on any of their repositories using the trigger option available on the Repository.