Once the YARA-CI application is installed in the repository that contains your
YARA rules you don’t need to do anything special. Just by installing the application
your YARA files are going to be analyzed by YARA-CI every time a change occurs in
the repository. However, you can control the way in which YARA-CI behaves by
.yara-ci.yml file to the repository’s root directory.
As the name indicates
.yara-ci.yml is a YAML file. A minimal
the default configuration for YARA-CI is shown below, this the configuration file
used when you don’t add one to your repository.
files: accept: - "**.yar" - "**.yara"
accept list is where you specify the patterns that decide which files
are analyzed by YARA-CI. By default this is all files with
extensions in all directories. Patterns are written in glob format, where single
*) stand for any number of arbitrary characters not including the
path separator (
/) and double asterisks (
**) stand for any number of characters,
including the path separator.
bar.yar, but it doesn’t match
Patterns are always matched against the file’s absolute path within the repository,
and they are analyzed by YARA-CI if the path matches at least one of the patterns
In addition to the
accept list you can use specify an
ignore list. For
example, with the configuration file shown below YARA-CI analyzes files with extensions
yara, but excludes those that are located in the
directory or any of its subdirectories, even if its extension is
files: accept: - "**.yar" - "**.yara" ignore: - "ignored_files/**"
Of course, the
ignore list can have multiple patterns, and you can even use
it without an
files: ignore: - "ignored_files/**" - "more_ignored_files/*"
accept list is not explicitly included in the configuration file, the
patterns accepted by default are
**.yara. The patterns
accept list are applied first to determine which files should be
analyzed, those passing the filter are matched against the patterns listed in
ignore, excluding those that matches any of the patterns.