Configuration
You can use Spectral without any configuration. You may want to configure Spectral in the following cases:
- Special treatment of source root: in a given repo or folder, include specific folders, exclude others
- Scan-time ignores: ignore classes of files or detectors, or pieces of text at scan time (you can also perform ignores in your Spectral account)
- Detector inclusion or exclusion: for cases where you want to disable existing detectors, or enable experimental ones
- Output formats: you can switch output formats to JSON, JUnit, and others, which can help shape your pipeline automation
- Custom detectors: Spectral can load custom detectors that you build, and you can specify where they live in the configuration
Info: We assume you have a copy of Spectral; if not, check out the getting started section. Then use spectral init to generate a base configuration.
$ spectral init
Initialized your spectral configuration in '.spectral/'.
You should now have a starter configuration layout in a special .spectral folder like so:
$ tree .spectral
.spectral
├── ignores.yaml
├── rules
│   ├── merchants.speql.yaml
│   └── sample.yaml
└── spectral.yaml

1 directory, 4 files
You should check this folder into source control.
Spectral.yaml
This is the main Spectral configuration file. It configures Spectral for:
- Input sources -- what paths to scan
- Ignores -- what to ignore and at what stage to apply ignores
- Reporter outputs -- what reporter module to activate
- Detectors -- what detectors to include and/or exclude
- Metadata -- what kind of extra functionality to activate such as masking, debug run and so on
.spectral/spectral.yaml
# you can omit the reporter section entirely (you'll get a stylish reporter by default)
reporter:
  outputs:
    stylish: {} # nice looking CLI reports
    # stylish: { html: "output.html" } # produce HTML reports
    # stylish: { csv: "output.csv" } # produce CSV reports
    # log: # use a logger
    #   json: true # enable JSON logging
    #   file: out.json # put output in a file
    # junit: {} # Great for integrating with CI systems that understand JUnit XML (all of them, probably)
    # ignores: {} # A reporter output that streams results as ignores

#
# Ignoring Matches
#
# you can specify ignores for matches that you know exist
# and acknowledge them, but you don't care about them for now.
#
# These are regex: rule_id, rule_name, match_text, path.
# To get a fingerprint, run `spectral fingerprint --text YOUR-SECRET`
#
# match_ignores:
#   ignores:
#     - match_text: MYSQL_ROOT_PASSWORD
#     - rule_id: <rule id>
#       rule_name: <rule name>
#       match_text: <rule id>
#       path: <path>
#       match_fingerprint: 79cdb7f2e0e4a96520304ff641f45f230be4f362a4a16c704730115a85fa545f

projects:
  sample:
    project:
      name: sample
    input:
      - local: .
        name: sources
      # you can add a few more.
      # everything is relative to working directory (where you run spectral from)
      #
      # - local: nteract/node_modules
      #   name: nteract
    rules:
      roots:
        - rules # folder(s) relative to this file
      # cherry-pick rules for these roots
      # include:
      #   tags:
      #     - node
      #   ids: []
      # exclude:
      #   tags:
      #     - node
      #   ids: []
  # add as many more projects as you like:
  # all_pythons:
  #   ...
Ignores.yaml
This is where you specify which findings to ignore: things you know are a risk and accept, or things you believe are not a risk, and that you don't want to see in the Spectral findings report.
.spectral/ignores.yaml
# ignores known and problematic files, per rule.
# "problematic" files can be test files, mock data files and so on.
AWS0001:
  - .*create-react-context/.*
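Because every entry in ignores.yaml silences a detector for whatever its regex matches, an over-broad or malformed pattern quietly hides real findings. The following added example (not Spectral's own code) parses the rule-id-to-path-regex layout shown above and flags patterns that fail to compile or that would also cover non-test paths. It assumes Spectral matches these regexes against the whole path (hence the .* prefixes in the sample), uses a deliberately minimal parser for just this layout, and the sample file and canary paths are constructed.

```python
import re

# Constructed sample of a .spectral/ignores.yaml (not from the Spectral docs):
# each top-level key is a rule id, each list item a path regex to ignore.
SAMPLE_IGNORES = """\
# ignores known and problematic files, per rule.
AWS0001:
  - .*create-react-context/.*
  - tests/fixtures/.*
GENE001:
  - .*          # catch-all: silences the rule everywhere
  - [unclosed   # invalid regex
"""

# Constructed paths a scanner must keep looking at; an ignore that also
# matches one of these is broader than a test/mock exclusion should be.
CANARY_PATHS = ["src/app/config.py", "deploy/prod.env", "README.md"]


def parse_ignores(text):
    """Parse the 'RULE:' / '- pattern' layout of ignores.yaml.
    Minimal on purpose: comments, blank lines, rule keys and list items only
    (a '#' inside a pattern would be treated as a comment)."""
    ignores, rule = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith((" ", "-")) and line.endswith(":"):
            rule = line[:-1].strip()
            ignores[rule] = []
        elif line.lstrip().startswith("- ") and rule is not None:
            ignores[rule].append(line.lstrip()[2:].strip())
        else:
            raise ValueError(f"unexpected line in ignores.yaml: {raw!r}")
    return ignores


def audit_ignores(ignores, canaries=CANARY_PATHS):
    """Return {rule_id: [problem, ...]} for invalid or over-broad path ignores."""
    problems = {}
    for rule, patterns in ignores.items():
        for pat in patterns:
            try:
                rx = re.compile(pat)
            except re.error as exc:
                problems.setdefault(rule, []).append(f"invalid regex {pat!r}: {exc}")
                continue
            hits = [p for p in canaries if rx.fullmatch(p)]  # assumed full-path match
            if hits:
                problems.setdefault(rule, []).append(f"{pat!r} also ignores non-test paths: {hits}")
    return problems


if __name__ == "__main__":
    for rule, issues in audit_ignores(parse_ignores(SAMPLE_IGNORES)).items():
        print(rule, *issues, sep="\n  ")
```

Running it against a real .spectral/ignores.yaml before committing the folder (or as a CI step) catches the common case where a rule was silenced repo-wide to make a noisy finding go away.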