socket.yml
Optional Socket GitHub App configuration file
You can optionally configure the Socket GitHub app and CLI by adding a socket.yml
file to the root of your repo.
# top level version field is required
version: 2
projectIgnorePaths:
- ignored-folder
- foo/bar/package.json
issueRules:
unresolvedRequire: false
githubApp:
enabled: true # enable/disable the Socket.dev GitHub app entirely
pullRequestAlertsEnabled: true # enable/disable GitHub app pull request alert checks
dependencyOverviewEnabled: true # enable/disable GitHub app dependency overview comments in pull request alerts.
projectReportsEnabled: true # enable/disable Github app project report checks
ignoreUsers: ["aBotOnGitHub"]
Note
The
socket.yml
file is only supported in the root of your repo and with no other file extensions than the.yml
one.
Fields
All fields listed here are optional.
projectIgnorePaths
projectIgnorePaths
The projectIgnorePaths
key is an array of strings that are used to ignore folders or files.
The individual strings in the projectIgnorePaths
array work like .gitignore
patterns.
The following patterns are always included in the ignore array by default:
node_modules
.yarn
issueRules
issueRules
issueRules
is a map of issue names from Socket's Issues page that allows you to enable or disable issue alerts in your pull requests. Issues are identified by the url slug of the corresponding issue page. The default issues map looks like this:
issueRules:
didYouMean: true
installScripts: true
telemetry: true
troll: true
malware: true
hasNativeCode: true
shellScriptOverride: true
gitDependency: true
httpDependency: true
invalidPackageJSON: true
unresolvedRequire: true
You can disable issue by setting it's value to false. You can also enable alerts for any other issue that isn't enabled by default by setting the issue slug value to true in the issues map.
githubApp
githubApp
The githubApp
is a map of settings that correspond to the Socket GitHub app. The contained settings are described below.
githubApp.enabled
githubApp.enabled
Default: true
.
If you want the Socket GitHub app to never run on a repo and do not have org permissions to disable GitHub access to that repo, you can add a socket.yml
file to your repo and set enabled
to false.
Setting enabled
to false
will override other settings in the socket.yml
associated with the GitHub app.
githubApp.pullRequestAlertsEnabled
githubApp.pullRequestAlertsEnabled
Default: true
.
The pullRequestAlertsEnabled
field can be used to individually disable pull request alerts check runs and pull request comments generated by the Socket.dev GitHub app.
The enabled
field must be set to true
for this field to have any effect.
githubApp.dependencyOverviewEnabled
githubApp.dependencyOverviewEnabled
Default: true
.
The dependencyOverviewEnabled
field can be used to individually disable dependency overview comments in pull requests.
The enabled
and pullRequestAlertsEnabled
field must be set to true
for this field to have any effect.
githubApp.projectReportsEnabled
githubApp.projectReportsEnabled
Default: true
.
The projectReportsEnabled
field can be used to individually disable project reports check runs for commits from being generated.
The enabled
field must be set to true
for this field to have any effect.
githubApp.ignoreUsers
githubApp.ignoreUsers
Default: []
The ignoreUsers
is an optional array of strings that let you specify GitHub usernames that will prevent Pull Request Alerts from running on Pull Requests that are opened by anyone specified in this array. This can be useful in merge queues or other bot related circumstances.
Version 1 to Version 2 migration
To migrate a Version 1 socket.yml
to version 2, perform the following changes:
- Add the top level
version
key set to the value2
- Rename the
ignore
key toprojectIgnorePaths
- Rename the
issues
key toissueRules
- Move the
enabled
,projectReportsEnabled
andpullRequestAlertsEnabled
keys under a top levelgithubApp
key. - Remove the
beta
key
Existing v1 configuration files will continue to work, however newly added settings may not be accessible until you migrate your configuration to version 2. Internal details on configuration parsing can be found in the SocketDev/socket-config-js repo.
Updated 8 days ago
Learn how to ignore specific pull request alerts in Socket for GitHub: