Specify ignored paths without specifying rulesets #757

@lewis-jackson-bots

Is your feature request related to a problem? Please describe.

If you wish to ignore a path for SAST scanning, you must specify every single ruleset that you want to use.

rulesets: # required
  - rule1
  - rule2
  - ...
  - rule1000
ignore:
  - "e2e/**"
  - "tests/**"

The only way to get the ruleset names appears to be to manually transcribe them from this page.

The same issue would arise if I wanted to configure any single rule.

If any new rules are added, I won't know about them or see their results.

If I don't create any config, the behaviour out-of-the-box is for SAST to apply every rule possible. This makes the tool easy to set up.

Describe the solution you'd like

I want to be able to create a config file where I ignore a path without having to specify every rule.

ignore:
  - "e2e/**"
  - "tests/**"

This should ignore the directories e2e and tests, but still apply every rule.

Describe alternatives you've considered

Scraping this page to build a list of every possible ruleset to build a config file.
