This repository was archived by the owner on Dec 4, 2025. It is now read-only.

Feature Request: Add exclude-paths and incremental scan functionality #8

@kazumine-igahara-v2

Description

I would like to request two important features for the CodeGuru Security GitHub Action that would significantly improve its usability for large repositories:

  1. Path exclusion functionality - Allow excluding specific directories or files from scanning
  2. Incremental scanning - Support scanning only code that has changed since the previous scan

Current Behavior

Currently, the CodeGuru Security action scans the entire repository without the ability to exclude specific paths or perform incremental scans. When attempting to use parameters like exclude-paths or incremental, the action returns an error: "Unexpected input(s) 'exclude-paths', 'incremental', valid inputs are ['entryPoint', 'args', 'source_path', 'aws_region', 'scan_name', 'analysis_type', 'fail_on_severity']"

Desired Behavior

Path Exclusion

Add support for excluding specific paths from scanning, either through:
• An exclude-paths parameter in the action configuration
• Support for a .codeguruignore file in the repository root (similar to .gitignore)

Example usage:
```yaml
- name: CodeGuru Security
  uses: aws-actions/codeguru-security@v1
  with:
    source_path: .
    aws_region: ap-northeast-1
    exclude-paths: "wordpress/,vendor/,node_modules/**"
```

Incremental Scanning

Add support for incremental scanning to only analyze code that has changed since the previous scan:

```yaml
- name: CodeGuru Security
  uses: aws-actions/codeguru-security@v1
  with:
    source_path: .
    aws_region: ap-northeast-1
    incremental: true
```

Benefits

These features would provide several benefits:
• Improved scan relevance: Focus on code that developers can actually modify
• Reduced CI/CD pipeline execution time: Only scan what's necessary
• Better developer experience: Faster feedback cycles
• Enhanced security focus: Concentrate on self-developed code rather than third-party libraries

Additional Context

Many other code analysis tools and security scanners provide these features as standard functionality. Adding them to CodeGuru Security would bring it in line with industry standards and significantly improve its usability in real-world development workflows.
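
Added example, not part of the original issue and not code from the action: a pre-scan step that copies only the files to be scanned into a staging directory, which could then be passed as the existing `source_path` input, assuming the action scans whatever that path points to. The pattern semantics, the function names `is_excluded` and `stage_for_scan`, and the changed-file list (for example from `git diff --name-only`) are assumptions made for illustration.

```python
import fnmatch
import shutil
from pathlib import Path, PurePosixPath


def is_excluded(rel_path, patterns):
    """True if rel_path (POSIX, repo-relative) matches an exclude pattern.

    Assumed semantics (the action defines none): 'dir/' and 'dir/**' exclude
    everything under dir at the repo root; anything else is an fnmatch glob.
    """
    for pat in patterns:
        pat = pat.strip()
        if pat.endswith("/**"):
            pat = pat[:-2]  # 'node_modules/**' -> 'node_modules/'
        if pat.endswith("/"):
            if rel_path.startswith(pat):
                return True
        elif pat and fnmatch.fnmatchcase(rel_path, pat):
            return True
    return False


def stage_for_scan(repo, dest, exclude_paths="", changed=None):
    """Copy the files to scan from repo into dest; return their relative paths.

    exclude_paths: comma-separated patterns, in the form the issue proposes.
    changed: optional iterable of repo-relative paths; None means a full scan.
    dest must lie outside repo, otherwise staged copies would be re-walked.
    """
    repo, dest = Path(repo), Path(dest)
    patterns = [p for p in exclude_paths.split(",") if p.strip()]
    wanted = None if changed is None else {PurePosixPath(c).as_posix() for c in changed}
    staged = []
    for src in sorted(repo.rglob("*")):
        rel = src.relative_to(repo).as_posix()
        # Skip directories, git internals, and symlinks (which could point outside the repo).
        if src.is_symlink() or not src.is_file() or rel.startswith(".git/"):
            continue
        if is_excluded(rel, patterns) or (wanted is not None and rel not in wanted):
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        staged.append(rel)
    return staged
```

Files left out of the staging directory are not analyzed at all, so excluded dependencies need their own coverage, and a changed-files run is best paired with a periodic full scan.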
