You can use Spectral without any configuration needed. You may want to configure Spectral in the following cases:
- Special treatment of source root: in a given repo or folder, include specific folders, exclude others
- Scan-time ignores: ignore classes of files or detectors, or pieces of text at scan time (you can also perform ignores in your Spectral account)
- Detector inclusion or exclusion: for cases where you want to disable existing detectors, or enable experimental ones
- Output formats: you can switch output formats to JSON, JUnit, and others, which can help shape your pipeline automation
- Custom detectors: Spectral can load custom detectors that you build, and you can specify where it is in the configuration
We assume you have a copy of Spectral, if not -- check out the getting started section. Then use
spectral init to generate a base configuration.
You should now have a starter configuration layout in a special
.spectral folder like so:
You should check this folder into source control.
This is the main Spectral configuration file. It configures Spectral for:
- Input sources -- what paths to scan
- Ignores -- what to ignore and at what stage to apply ignores
- Reporter outputs -- what reporter module to activate
- Detectors -- what detectors to include and/or exclude
- Metadata -- what kind of extra functionality to activate such as masking, debug run and so on
This is where you specify what findings to ignore, things you know are a risk or things you believe are not a risk and you don't want to see in the Spectral findings report.