fix(ci): ignore vendor directories in trufflehog scans (#9)

sboynton-nv · web-flow · commit fce38a230c1b · 2026-05-26T12:27:40.000-07:00
* fix(ci): ignore vendor directories in trufflehog scans

Signed-off-by: Samuel Boynton &lt;sboynton@nvidia.com&gt;

* fix(ci): add headers to trufflehog-exclude-paths

Signed-off-by: Samuel Boynton &lt;sboynton@nvidia.com&gt;

---------

Signed-off-by: Samuel Boynton &lt;sboynton@nvidia.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -164,6 +164,7 @@ jobs:
         with:
           post-pr-comment: "true"
           fail-on-findings: "true"
+          extra-args: "--exclude-paths=.trufflehog-exclude-paths"
 
   security-container-scan:
     name: Container Scan (auth-callout)
diff --git a/.trufflehog-exclude-paths b/.trufflehog-exclude-paths
@@ -0,0 +1,4 @@
+# Copyright 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+(^|/)vendor/
