Skip to content

Scanner refinements: streaming truncation, configurable resource ceilings, path sanitization#3

Merged
howshannon merged 1 commit into
mainfrom
fix/scanner-limits
Jul 13, 2026
Merged

Scanner refinements: streaming truncation, configurable resource ceilings, path sanitization#3
howshannon merged 1 commit into
mainfrom
fix/scanner-limits

Conversation

@howshannon

Copy link
Copy Markdown
Owner

Round-2 review follow-ups. Streaming cap() (no full-input buffering); configurable TRUST_ISSUES_MAX_BYTES / MAX_FILES / STRICT with a file-count guard (exit 3 in strict mode); non-printable sanitization of displayed paths. Documents that per-file grep-size and internal wall-clock limits aren't portably enforceable in bash (use a sandbox + timeout). Deferred by design: JSON/SARIF output, full-history secret-scan CI (history is currently a single commit), and repo-settings items.

…e/byte ceilings + strict mode; sanitize displayed paths
@howshannon
howshannon merged commit 75ccc97 into main Jul 13, 2026
6 checks passed
@howshannon
howshannon deleted the fix/scanner-limits branch July 13, 2026 03:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant