Each validation is associated with a default severity
The following are valid values for the key ‘threshold’
Based on which threshold you would like to have your build fail, you can specify a threshold in your .talismanrc:
This example will report all Medium severity issues and higher (Potential risks that are below the threshold will be reported in the warnings)
By default, the threshold is set to low.
The severity appetite might be different in different context. You may not agree with the default assignments of severity levels in the context of your repository or business function. You can customize the security levels of the detectors provided by Talisman in the .talismanrc file:
- detector: Base64Content
- detector: HexContent
By using custom severities and a severity threshold, Talisman can be configured to alert only on what is important based on your context. This can be useful to reduce the number of false positives.