chore: Add Aikido scan configuration (no-changelog) (#32195)

Co-authored-by: n8n-cat-bot[bot] <n8n-cat-bot[bot]@users.noreply.github.com>
2026-06-19 07:36:52 +00:00 · 2026-06-15 07:26:04 +00:00
parent e292779f1a
commit 4c9e42db75
1 changed files with 21 additions and 0 deletions
@@ -0,0 +1,21 @@
+# Aikido scan configuration
+# https://help.aikido.dev/code-scanning/scanning-practices/ignore-via-code-with-aikido-files
+# Path matching is plain substring against the full file path (no globs),
+# so fragment entries below act as suffix/segment wildcards.
+
+exclude:
+  paths:
+    # Machine-generated instance-AI expectation traces. Contain ephemeral
+    # credential reference IDs (nanoids) that re-trip the secrets scanner
+    # on every regeneration. No secret material.
+    - packages/testing/playwright/expectations
+
+    # Test code repo-wide. Fixtures routinely contain synthetic PEM blocks,
+    # basic-auth strings, and deliberately fake keys (including the secret
+    # scrubber's own tests). Verified 0/20 true-positive rate to date.
+    - .test.ts
+    - __tests__/
+    - /test/
+
+    # Test fixtures by convention.
+    - .fixture.ts