# Configuration

> Crypto Finder supports flexible configuration through multiple mechanisms: `scanoss.json` files, command-line flags, and environment variables.

## Configuration Priority

Settings are applied in the following priority order (highest to lowest):

1. **Command-line flags** (e.g., `--api-key`, `--scanner`)
2. **Environment variables** (e.g., `SCANOSS_API_KEY`)
3. **Config file** (`~/.scanoss/crypto-finder/config.json`)
4. **Project settings** (`scanoss.json` in target directory)
5. **Default values**

## Application Configuration

### Config File Location

```
~/.scanoss/crypto-finder/config.json
```

### Setting Up Configuration

Use the `configure` command to set persistent application settings:

```bash
# Configure API key
crypto-finder configure --api-key YOUR_API_KEY

# Configure custom API URL
crypto-finder configure --api-url https://custom.scanoss.com

# Configure both
crypto-finder configure --api-key YOUR_KEY --api-url https://custom.scanoss.com
```

### Config File Format

```json
{
  "api_key": "your-scanoss-api-key",
  "api_url": "https://api.scanoss.com"
}
```

### Environment Variables

| Variable          | Description                         | Example                                     |
| ----------------- | ----------------------------------- | ------------------------------------------- |
| `SCANOSS_API_KEY` | SCANOSS API key for remote rulesets | `export SCANOSS_API_KEY=abc123`             |
| `SCANOSS_API_URL` | Custom API base URL                 | `export SCANOSS_API_URL=https://custom.com` |

## Project Configuration (scanoss.json)

The `scanoss.json` file in your project directory configures scan behaviour and skip patterns.

### File Location

Place `scanoss.json` in the root of the directory you are scanning:

```
your-project/
├── scanoss.json
├── src/
└── ...
```

### Configuration Schema

Crypto Finder follows the [SCANOSS Settings Schema](scanoss-settings).

### Basic Example

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": ["node_modules/", "target/", "venv/", "*.min.js"]
      },
      "sizes": {
        "max_file_size": 10485760
      }
    }
  }
}
```

> `max_file_size` is specified in bytes. The value `10485760` corresponds to 10 MB.

## Skip Patterns

Skip patterns control which files and directories are excluded from scanning.

### Default Skip Patterns

The following patterns are excluded automatically:

**Version control:**

* `.git/`
* `.svn/`
* `.hg/`
* `.bzr/`

**Dependencies:**

* `node_modules/`
* `vendor/`
* `venv/`
* `virtualenv/`
* `__pycache__/`

**Build artefacts:**

* `dist/`
* `build/`
* `target/`
* `*.min.js`
* `*.min.css`

**Archives:**

* `*.zip`
* `*.tar`
* `*.tar.gz`
* `*.tar.bz2`
* `*.jar`
* `*.war`
* `*.ear`

**Binaries:**

* `*.exe`
* `*.dll`
* `*.so`
* `*.dylib`
* `*.bin`

Default skip patterns are defined in the source code. [See the current implementation](https://github.com/scanoss/crypto-finder/blob/main/internal/skip/source_defaults.go).

### Custom Skip Patterns

#### Pattern Types

1. **Directory patterns** (end with `/`):

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": ["custom-dir/", "temp/"]
      }
    }
  }
}
```

2. **File extension patterns**:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": ["*.log", "*.tmp", "*.cache"]
      }
    }
  }
}
```

3. **Specific file patterns**:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": ["package-lock.json", "yarn.lock"]
      }
    }
  }
}
```

4. **Path patterns**:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": ["src/generated/", "test/fixtures/"]
      }
    }
  }
}
```

### Size Limits

Configure the maximum file size to scan:

```json
{
  "settings": {
    "skip": {
      "sizes": {
        "max_file_size": 10485760
      }
    }
  }
}
```

> `max_file_size` is specified in bytes. The value `10485760` corresponds to 10 MB.

## Advanced Configuration Examples

### Monorepo Configuration

For large monorepos with multiple subprojects:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": [
          "*/node_modules/",
          "*/dist/",
          "*/build/",
          "*/target/",
          "docs/",
          "scripts/",
          "*.test.js",
          "*.spec.ts"
        ]
      }
    }
  }
}
```

### JavaScript/TypeScript Project Configuration

For projects using Node.js-based tooling:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": [
          "node_modules/",
          "dist/",
          "build/",
          ".next/",
          ".nuxt/",
          "coverage/",
          "*.min.js",
          "*.bundle.js",
          "*.map"
        ]
      }
    }
  }
}
```

### Java/Python/Go Project Configuration

For compiled or interpreted backend projects:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": [
          "target/",
          "venv/",
          "vendor/",
          "__pycache__/",
          "*.pyc",
          "*.class",
          "*.jar"
        ]
      }
    }
  }
}
```

### CI/CD Configuration

Excludes tests and generated artefacts to reduce scan scope in automated pipelines:

```json
{
  "settings": {
    "skip": {
      "patterns": {
        "scanning": [
          "node_modules/",
          "vendor/",
          "venv/",
          "target/",
          "dist/",
          "build/",
          "test/",
          "tests/",
          "*.test.*",
          "*.spec.*",
          "*.min.*"
        ]
      }
    }
  }
}
```
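
Every path matched by a skip pattern is left out of the scan, so a broad list such as the CI/CD one also hides test and vendored code from crypto detection. The following added example (not part of Crypto Finder or its documentation) lists the source files a skip list would hide; the matching rules, the file listing and the `SOURCE_EXTS` set are assumptions made for illustration, and Crypto Finder's own matcher may behave differently.

```python
import fnmatch
import json
from pathlib import PurePosixPath

# Constructed sample: abridged copy of the CI/CD skip list from this page.
SCANOSS_JSON = """{"settings": {"skip": {"patterns": {"scanning": [
  "node_modules/", "vendor/", "test/", "tests/",
  "*.test.*", "*.spec.*", "*.min.*"]}}}}"""
# Constructed file listing, relative to the scan root.
FILES = [
    "src/auth/token.go",
    "src/auth/token.test.js",
    "vendor/github.com/acme/legacy/md5sum.go",
    "test/fixtures/rsa_key_loader.py",
    "web/app.min.js",
    "README.md",
]
# Extensions treated as code worth a crypto scan (illustrative choice).
SOURCE_EXTS = {".c", ".go", ".java", ".js", ".py", ".rb", ".rs", ".ts"}

def load_patterns(text):
    """Read settings.skip.patterns.scanning from scanoss.json content."""
    return json.loads(text)["settings"]["skip"]["patterns"]["scanning"]

def matching_pattern(path, patterns):
    """Return the first pattern that excludes `path`, else None.
    ASSUMED semantics, not Crypto Finder's matcher: a pattern ending in '/'
    matches that directory at any depth; any other pattern is a glob tested
    against the file name and against the full relative path.
    """
    p = PurePosixPath(path)
    dirs = "/" + "".join(part + "/" for part in p.parts[:-1])
    for pat in patterns:
        if pat.endswith("/"):
            if fnmatch.fnmatchcase(dirs, "*/" + pat + "*"):
                return pat
        elif fnmatch.fnmatchcase(p.name, pat) or fnmatch.fnmatchcase(path, pat):
            return pat
    return None

def skipped_source_files(files, patterns):
    """Map each skipped source file to the pattern that hides it."""
    hits = {f: matching_pattern(f, patterns) for f in files
            if PurePosixPath(f).suffix in SOURCE_EXTS}
    return {f: pat for f, pat in hits.items() if pat}

if __name__ == "__main__":
    for f, pat in skipped_source_files(FILES, load_patterns(SCANOSS_JSON)).items():
        print(f"{f}  (skipped by {pat!r})")
```

Reviewing this listing before committing a skip list shows which code, such as vendored packages or test helpers, will produce no findings because it was never scanned.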

## Scanner Configuration

### Choosing a Scanner

Crypto Finder supports multiple scanners. Select a scanner using the `--scanner` flag:

```bash
# Use OpenGrep (default)
crypto-finder scan /path/to/code

# Use Semgrep
crypto-finder scan --scanner semgrep /path/to/code
```

Valid values for `--scanner`: `opengrep`, `semgrep`.

## Language Detection

### Automatic Detection

By default, Crypto Finder uses [go-enry](https://github.com/go-enry/go-enry) to detect the programming languages present in a project automatically.

### Manual Override

Override detected languages when needed:

```bash
# Scan only Java and Python files
crypto-finder scan --languages java,python /path/to/code

# Scan a single language
crypto-finder scan --languages go /path/to/code
```

### Supported Languages

The scanner includes rules for:

* C/C++
* C#
* Go
* Java
* JavaScript/TypeScript
* Kotlin
* PHP
* Python
* Ruby
* Rust
* Swift

Additional languages may be supported. See the [rules repository](https://github.com/scanoss/crypto-finder) for the current list.

Language detection ensures that only relevant rules are loaded, which improves scan performance.

## Timeout Configuration

### Default Timeout

Default scan timeout: **10 minutes**

### Custom Timeout

```bash
# 30-minute timeout
crypto-finder scan --timeout 30m /path/to/code

# 2-hour timeout
crypto-finder scan --timeout 2h /path/to/code

# 90-second timeout
crypto-finder scan --timeout 90s /path/to/code
```

### Recommended Timeouts

| Project size                | Recommended timeout |
| --------------------------- | ------------------- |
| Small (<1,000 files)        | 5m                  |
| Medium (1,000–10,000 files) | 15m                 |
| Large (10,000–50,000 files) | 30m                 |
| Very large (>50,000 files)  | 1h+                 |

## Output Configuration

### Output Destination

```bash
# Write to file
crypto-finder scan --output results.json /path/to/code

# Write to stdout (default)
crypto-finder scan /path/to/code

# Pipe to another tool
crypto-finder scan /path/to/code | jq '.findings | length'
```

### Output Format

```bash
# SCANOSS Interim JSON format (default)
crypto-finder scan --format json /path/to/code

# CycloneDX CBOM format
crypto-finder scan --format cyclonedx /path/to/code
```

> **SCANOSS Interim JSON** is an internal format used by the SCANOSS toolchain. Use `cyclonedx` for interoperability with third-party tools that support the CycloneDX CBOM specification.

## Logging Configuration

### Verbosity Levels

```bash
# Default output
crypto-finder scan /path/to/code

# Verbose logging (info level)
crypto-finder scan -v /path/to/code
crypto-finder scan --verbose /path/to/code

# Debug logging (debug-level output)
crypto-finder scan -d /path/to/code
crypto-finder scan --debug /path/to/code
```
