Exclude Files from HackerOne Review

PreviousPullRequest Approval NextBenchmarks

Last updated 13 days ago

Exclude Files from HackerOne Review

You may wish to restrict certain files/directories from ever being reviewed by or visible to engineers in the HackerOne reviewer network.

This can be done by adding a .pullrequestignore configuration file to the root directory of your repository.

The formatting and behavior is nearly identical to a conventional . When a pull or merge request is sent to our network to be reviewed, and files involved in the code changes that meet restriction criteria will be excluded in the diff sent to us.

If all files involved in a pull or merge request is restricted per rules defined in the .pullrequestignore, it will not be sent to the network to be reviewed at all.

Example

A repository contains the following rules defined in .pullrequestignore:

packages/legacy-service/*
*.html

And a pull request is opened involving changes to the following files:

packages/new-service/Helpers.js
packages/legacy-service/Helpers.js
src/frontend/about.html
src/components/Routes/Authentication.jsx

Here's what would be visible to HackerOne reviewers:

FILE

EXPOSURE

packages/new-service/Helpers.js

✔️ VISIBLE

packages/legacy-service/Helpers.js

⛔ NOT VISIBLE

src/frontend/about.html

⛔ NOT VISIBLE

src/components/Routes/Authentication.jsx

✔️ VISIBLE

PreviousPullRequest Approval NextBenchmarks

Last updated 13 days ago