Configuration
vlayer can be configured through configuration files, command-line options, or environment variables.
Configuration File
Create a .vlayerrc.json file in your project root:
{
"exclude": [
"**/node_modules/**",
"**/dist/**",
"**/*.test.ts"
],
"severity": "medium",
"format": "text",
"scanners": {
"phi": {
"enabled": true
},
"encryption": {
"enabled": true
},
"audit": {
"enabled": true
},
"access": {
"enabled": true
},
"retention": {
"enabled": true
}
}
}
Alternative Config Formats
vlayer also supports:
.vlayerrc.yaml/.vlayerrc.ymlvlayer.config.jsvlayer.config.mjspackage.json(under"vlayer"key)
YAML Example
# .vlayerrc.yaml
exclude:
- "**/node_modules/**"
- "**/dist/**"
severity: medium
scanners:
phi:
enabled: true
patterns:
ssn: true
mrn: true
encryption:
enabled: true
allowedAlgorithms:
- aes-256-gcm
JavaScript Example
// vlayer.config.js
module.exports = {
exclude: ['**/node_modules/**'],
severity: 'medium',
scanners: {
phi: { enabled: true },
encryption: { enabled: true }
}
};
Configuration Options
Global Options
| Option | Type | Default | Description |
|---|---|---|---|
exclude | string[] | ['node_modules'] | Glob patterns to exclude |
include | string[] | ['**/*'] | Glob patterns to include |
severity | string | 'low' | Minimum severity to report |
format | string | 'text' | Output format |
failOn | string | 'critical' | Exit with error if severity >= |
Scanner Options
Each scanner can be configured individually:
{
"scanners": {
"<scanner-name>": {
"enabled": true,
"exclude": [],
"options": {}
}
}
}
Environment Variables
Override configuration with environment variables:
| Variable | Description |
|---|---|
VLAYER_CONFIG | Path to config file |
VLAYER_SEVERITY | Minimum severity |
VLAYER_FORMAT | Output format |
VLAYER_FAIL_ON | Fail threshold |
VLAYER_SEVERITY=high vlayer scan .
Configuration Precedence
Configuration is merged in this order (later overrides earlier):
- Default values
- Config file (
.vlayerrc.json) - Environment variables
- Command-line arguments
See Also
- Custom YAML Rules - Define custom detection rules
- Ignore Patterns - Exclude files and findings