Directives
A skip directive is a comment that tells Trestle to ignore findings on specific lines of source code. Use one when a value is known to be safe (such as a public demo key, a placeholder, or an example in documentation) or when a finding is a false positive.
The marker
The marker is the literal string trestle:skip, written at the start of a comment in the host language's usual comment syntax.
// trestle:skip

A marker inside a string literal, or written after extra text inside a comment (for example // TODO: trestle:skip), is not recognized and has no effect.
On its own line
A directive on its own line covers the statement directly below it.
// trestle:skip
const API_KEY = "PUBLISHED_DEMO_KEY";

For a value that spans several lines:
// trestle:skip
const config = {
  apiKey: "PUBLISHED_DEMO_KEY",
  region: "us-east-1",
};

At the end of a code line
A directive at the end of a code line covers that statement.
const API_KEY = "PUBLISHED_DEMO_KEY"; // trestle:skip

const API_KEY = // trestle:skip
  "PUBLISHED_DEMO_KEY";

Excluding entire files
To exclude a whole file or directory from scanning, use skip-file-names, skip-directory-names, or skip-glob in .trestlerc.toml.
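
When reviewing suppressions, it helps to list every trestle:skip marker in a file and see which ones are written so that they take effect under the rules in "The marker" above. The script below is an added example, not Trestle's own code; it assumes JavaScript-style `//` line comments and single-line strings, and the names `commentStart`, `classify` and `audit` are hypothetical.

```javascript
// Added example: audit trestle:skip markers in JavaScript-style source.
// Assumptions: only `//` line comments are handled; strings do not span lines.
const MARKER = "trestle:skip";

// Return the index where a `//` comment starts outside any string literal, or -1.
function commentStart(line) {
  let quote = null;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (quote) {
      if (ch === "\\") i++;                 // skip the escaped character
      else if (ch === quote) quote = null;  // closing quote
    } else if (ch === '"' || ch === "'" || ch === "`") {
      quote = ch;
    } else if (ch === "/" && line[i + 1] === "/") {
      return i;
    }
  }
  return -1;
}

// Classify a line: "own-line", "trailing", "ignored" (marker present, no effect), or null.
function classify(line) {
  if (!line.includes(MARKER)) return null;
  const at = commentStart(line);
  if (at === -1) return "ignored";          // marker appears only inside a string
  const body = line.slice(at + 2);
  // Assumption: the marker must be the first token of the comment.
  if (!/^\s*trestle:skip(\s|$)/.test(body)) return "ignored";
  return line.slice(0, at).trim() === "" ? "own-line" : "trailing";
}

function audit(source) {
  return source.split("\n")
    .map((text, i) => ({ line: i + 1, kind: classify(text), text: text.trim() }))
    .filter((r) => r.kind !== null);
}

// Constructed sample input, built from the cases described on this page.
const SAMPLE = [
  "// trestle:skip",
  'const API_KEY = "PUBLISHED_DEMO_KEY";',
  'const OTHER = "PUBLISHED_DEMO_KEY"; // trestle:skip',
  'const note = "// trestle:skip";',
  "// TODO: trestle:skip",
  'const LIVE = "value";',
].join("\n");

for (const r of audit(SAMPLE)) console.log(`${r.line}\t${r.kind}\t${r.text}`);
```

Lines reported as "ignored" contain the marker but do not suppress anything, so the author's intent and the scanner's behaviour differ there.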