We are sunsetting Hakiri on January 31 2022. To learn more please refer to this document.
Add hakiri.yml or .hakiri.yml file to the root of your project in order for Hakiri to pick it up on the next GitHub push. Hakiri supports several settings that it reads from this file on every scan.
You can customize the path to your app inside the repo by adding the app_path parameter to hakiri.yml:
app_path: my_dir/my_app
You can force Hakiri to use a specific file that lists dependencies with dependency_source. It currently supports the following parameters: gemfile_lock_file, gemfile_file, and gemspec_file. Here is an example of how it can be used:
dependency_source: gemspec_file
Hakiri uses Brakeman for static code analysis in Rails apps. You can turn off Brakeman scans for your branches by adding the following setting in your hakiri.yml:
brakeman:
enabled: false
You can instruct Brakeman to skip files and directories with skip_files:
brakeman:
skip_files: ['app/controllers/']
Note Brakeman does “whole program” analysis, therefore skipping a file may affect warning results from more than just that one file.
You can also collapse mass assignment warnings into one warning with collapse_mass_assignment:
brakeman:
collapse_mass_assignment: true
Marking it as false positive will only work if individual mass assignment warnings don’t change.
Here is an example of a real complete hakiri.yml from a project:
app_path: rails
dependency_source: gemfile_file
brakeman:
skip_files: ['app/controllers/admin/', 'app/controllers/hooks_controller.rb']
collapse_mass_assignment: true