Allowlist The allowlist lets you create exceptions for specific patterns, files, or rules that you don’t want flagged as violations.
List Allowlist Entries View all allowlisted patterns:
$ asymptote allowlist list Pattern Rule Reason Expires ───────────────────────────────────────────────────────────────────────── TEST_API_KEY no-hardcoded-secrets Test fixture never **/*.test.ts no-console-log Test files never src/legacy/** * Legacy code 2025-06-01
Add to Allowlist Add a pattern to the allowlist:
asymptote allowlist add < patter n > [flags]
Flag Type Description --reason <reason>string Reason for allowlisting (required) --rule <rule>string Specific rule to allowlist (default: all rules) --expires <date>string Expiration date (ISO 8601 format) --file <path>string Allowlist in a specific file only
Examples Allowlist a test API key:
asymptote allowlist add "TEST_API_KEY" --reason "Test fixture" --rule no-hardcoded-secrets
Allowlist console.log in test files:
asymptote allowlist add "**/*.test.ts" --reason "Test files" --rule no-console-log
Temporary allowlist with expiration:
asymptote allowlist add "src/legacy/**" --reason "Legacy code cleanup" --expires "2025-06-01"
$ asymptote allowlist add "TEST_API_KEY" --reason "Test fixture" ✓ Added "TEST_API_KEY" to allowlist
Remove from Allowlist Remove a pattern from the allowlist:
asymptote allowlist remove < patter n >
$ asymptote allowlist remove "TEST_API_KEY" ✓ Removed "TEST_API_KEY" from allowlist
You can also allowlist specific lines using inline comments:
// asymptote-ignore-next-line no-hardcoded-secrets const TEST_KEY = "test-api-key-12345" ;
Or for multiple lines:
// asymptote-ignore-start no-console-log console . log ( "Debug info" ); console . log ( "More debug" ); // asymptote-ignore-end
Use allowlists sparingly. Each exception is a potential security gap. Always document why something is allowlisted.
Next: Generate reports Generate security reports for your project.
