Setting the severity threshold
Each validation (detector) is associated with a default severity.
The following are the valid values for the key ‘threshold’:
- low
- medium
- high
Based on which threshold you would like to have your build fail, you can specify a threshold in your .talismanrc:
threshold: medium
This example reports all medium severity issues and higher as failures; potential risks below the threshold are still reported, but only as warnings.
By default, the threshold is set to low.
Configuring custom severities
The severity appetite differs between contexts: you may not agree with the default severity assignments in the context of your repository or business function. You can customize the severity levels of the detectors provided by Talisman in the .talismanrc file:
custom_severities:
- detector: Base64Content
  severity: medium
- detector: HexContent
  severity: low
By combining custom severities with a severity threshold, Talisman can be configured to fail only on what is important in your context, which helps reduce the number of false positives.