Configuration

gus edited this page Feb 27, 2026 · 1 revision

Aguara can be configured per-project using a .aguara.yml file in the project root.

Generate a starter config

aguara init

This creates a .aguara.yml with sensible defaults.

File Reference

# Minimum severity to report (default: info)
severity: medium

# Exit code 1 if findings at or above this severity (CI mode)
fail_on: high

# File patterns to ignore during scanning
ignore:
  - "vendor/**"
  - "node_modules/**"
  - "*.test.md"
  - "docs/examples/**"

# Additional custom rules directory
rules_dir: ./custom-rules

# Rule-specific overrides
rule_overrides:
  CRED_004:
    severity: low          # Downgrade severity
  EXTDL_004:
    disabled: true         # Disable this rule entirely
  MCP_007:
    severity: critical     # Upgrade severity

Fields

| Field | Type | Default | Description |
|---|---|---|---|
| severity | string | info | Minimum severity threshold for reporting |
| fail_on | string | | Exit 1 if findings at or above this severity |
| ignore | list | [] | Glob patterns for files/dirs to skip |
| rules_dir | string | | Path to additional custom rules |
| rule_overrides | map | {} | Per-rule severity overrides or disabling |

Rule Overrides

Each override is keyed by rule ID:

rule_overrides:
  RULE_ID:
    severity: <new_severity>   # Optional: change severity
    disabled: true             # Optional: disable the rule

You can also disable rules via the CLI:

aguara scan . --disable-rule CRED_004,EXTDL_004

Ignore Patterns

Glob patterns that skip files during directory scanning:

ignore:
  - "vendor/**"           # All files under vendor/
  - "**/*.test.md"        # All test markdown files
  - "docs/examples/**"    # Example files

Precedence

  1. CLI flags override .aguara.yml
  2. --disable-rule is additive with config rule_overrides
  3. --severity overrides config severity
  4. --fail-on overrides config fail_on
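
The following Python sketch is an added example, not Aguara's own code: it models the precedence rules above and shows how rule_overrides interact with the severity and fail_on thresholds. It assumes the severity order info < low < medium < high < critical, that overrides are applied before the thresholds are evaluated, and that fail_on is checked against reported findings; DEMO_001 and the default severities of the sample findings are constructed.

```python
# Added illustration of the Precedence list; not taken from Aguara's source.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]  # assumed ordering

# Mirrors the File Reference example on this page.
CONFIG = {
    "severity": "medium",
    "fail_on": "high",
    "rule_overrides": {
        "CRED_004": {"severity": "low"},
        "EXTDL_004": {"disabled": True},
        "MCP_007": {"severity": "critical"},
    },
}


def resolve(config, cli_severity=None, cli_fail_on=None, cli_disable=()):
    """Merge CLI flags over config values following the Precedence list."""
    overrides = config.get("rule_overrides", {})
    disabled = {r for r, o in overrides.items() if o.get("disabled")}
    disabled |= set(cli_disable)  # --disable-rule adds to config, never replaces it
    return {
        "severity": cli_severity or config.get("severity", "info"),
        "fail_on": cli_fail_on or config.get("fail_on"),
        "disabled": disabled,
        "severity_map": {r: o["severity"] for r, o in overrides.items() if "severity" in o},
    }


def evaluate(findings, settings):
    """Return (reported findings, exit code) for (rule_id, default_severity) pairs."""
    rank = SEVERITY_ORDER.index
    reported = []
    for rule_id, default_sev in findings:
        if rule_id in settings["disabled"]:
            continue
        sev = settings["severity_map"].get(rule_id, default_sev)  # assumed: override first
        if rank(sev) >= rank(settings["severity"]):
            reported.append((rule_id, sev))
    fail_on = settings["fail_on"]
    failed = fail_on is not None and any(rank(s) >= rank(fail_on) for _, s in reported)
    return reported, 1 if failed else 0


# Constructed findings; DEMO_001 is a placeholder ID and all default severities are invented.
SAMPLE = [("CRED_004", "high"), ("EXTDL_004", "critical"), ("MCP_007", "medium"), ("DEMO_001", "medium")]

if __name__ == "__main__":
    print(evaluate(SAMPLE, resolve(CONFIG)))
    print(evaluate(SAMPLE, resolve(CONFIG, cli_severity="info", cli_disable=["MCP_007"])))
```

Under these assumptions, the CRED_004 downgrade to low drops that finding below the medium reporting threshold, so a severity override can hide a finding from CI as effectively as disabling the rule.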
