Description
Describe the bug
I have tried the scan for the first time just on my MacBook with a local repo and pointing at a local domain. The app is Laravel and has a .env file, which of course is in my .gitignore. The repo was copied to the shannon directory, including the .env file, and the one critical issue the scan found stated that my .env is committed to my repo, that APP_ENV=local and app_debug=true. This is of course a local setup, not how it is in production. How am I best to tackle this if I just want to run the scan locally, with a local test domain? Can it recognise what is in .gitignore, or can I add context to a yaml to say the app is a local version?
Apologies if this isn't a bug. Just wonder how best to tackle it to avoid false-positives.
Steps to reproduce
- Run shannon on a local machine, not production server
- Point the scan at a local repo
- Point the url at a local test domain
Expected behaviour
Recognise that the repo is local and not in production.
Actual behaviour
Stated in description.
Pre-submission checklist (required)
- I have searched the existing open issues and confirmed this bug has not already been reported.
- I am running the latest released version of shannon.
If applicable
- I have included relevant error messages, stack traces, or failure details.
- I have checked the audit logs and pasted the relevant errors.
- I have inspected the failed Temporal workflow run and included the failure reason.
- I have included clear steps to reproduce the issue.
- I have redacted any sensitive information (tokens, URLs, repo names).
Debugging details
No response
Screenshots
No response
Authentication method used
ANTHROPIC_API_KEY
Full ./shannon command with all flags used (with redactions)
No response
Are you using any experimental models or providers other than default Anthropic models?
No
If Yes, which one (model/provider)?
No response
OS (with version)
MacOS 26.3 (25D125)
Docker version ('docker -v')
4.63.0 (220185)
Additional context
No response
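
Added example (not part of the original issue and not shannon's own code): one way to tell a `.env` that merely exists in the working directory apart from one that is tracked or was ever committed, and to export only committed files into a separate directory before scanning. The function names and the constructed demo repository with its contents are assumptions.

```shell
#!/bin/sh
# Added example: separate "file exists in the working tree" from
# "file is tracked by git", the distinction behind the finding above.

# classify_path REPO PATH -> prints tracked | ignored | untracked | absent
classify_path() {
  if git -C "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1; then
    echo tracked            # in the index (staged or committed)
  elif git -C "$1" check-ignore -q -- "$2" 2>/dev/null; then
    echo ignored            # matched by an ignore rule such as .gitignore
  elif [ -e "$1/$2" ]; then
    echo untracked
  else
    echo absent
  fi
}

# in_history REPO PATH -> succeeds if any commit on any ref touched PATH
in_history() {
  [ -n "$(git -C "$1" log --all --format=%H -- "$2" 2>/dev/null | head -n 1)" ]
}

# export_committed REPO DEST -> copy only the files contained in HEAD
export_committed() {
  mkdir -p "$2"
  git -C "$1" archive --format=tar HEAD | tar -x -f - -C "$2"
}

# make_demo_repo DIR -> constructed sample repo (hypothetical contents)
make_demo_repo() {
  git init -q "$1"
  printf '.env\n' > "$1/.gitignore"
  printf 'APP_ENV=local\nAPP_DEBUG=true\n' > "$1/.env"   # constructed values
  printf '<?php // placeholder\n' > "$1/index.php"
  git -C "$1" add .gitignore index.php
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit -q -m "initial commit"
}

# Usage when run directly: ./check.sh /path/to/repo .env
if [ "$#" -eq 2 ]; then
  classify_path "$1" "$2"
  in_history "$1" "$2" && echo "present in history" || echo "never committed"
fi
```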