Configuration Overview
MonPhare is configured through a YAML file, environment variables, and CLI arguments.
Config File
The default config file is monphare.yaml in the project root. MonPhare also checks for monphare.yml and .monphare.yaml.
Generate a starter config:
monphare init
Validate a config file:
monphare validate
Priority
Configuration values are resolved in this order (highest priority first):
- CLI arguments (e.g., --strict, --format json)
- Environment variables (MONPHARE_GIT_TOKEN, MONPHARE_CONFIG, MPH_GITHUB_TOKEN, etc.)
- monphare.yaml config file
- Built-in defaults
Minimal Config
A minimal config that just customizes exclusions:
scan:
  exclude_patterns:
    - "**/test/**"
    - "**/.terraform/**"
Full Config
A complete configuration with all sections:
scan:
  exclude_patterns:
    - "**/test/**"
    - "**/tests/**"
    - "**/examples/**"
    - "**/.terraform/**"
  continue_on_error: false
  max_depth: 100
analysis:
  check_exact_versions: true
  check_prerelease: true
  check_upper_bound: true
  max_age_months: 12
output:
  colored: true
  verbose: false
  pretty: true
git:
  github_token: ${GITHUB_TOKEN}
  gitlab_token: ${GITLAB_TOKEN}
  azure_devops_token: ${AZURE_DEVOPS_PAT}
  bitbucket_token: ${BITBUCKET_APP_PASSWORD}
  branch: main
cache:
  enabled: true
  directory: ${HOME}/.cache/monphare/repos
  ttl_hours: 24
  max_size_mb: 1000
policies:
  require_version_constraint: true
  require_upper_bound: false
  allowed_providers:
    - hashicorp/*
    - terraform-aws-modules/*
  blocked_modules: []
  severity_overrides:
    exact-version: warning
deprecations:
  runtime:
    terraform:
      - version: "< 0.13.0"
        reason: "Legacy Terraform, migrate to v0.13+"
        severity: error
        replacement: ">= 0.13.0"
  modules: {}
  providers: {}
Environment Variable Expansion
String values in the config file support ${VAR} and $VAR syntax for environment variable expansion. If the variable is not set, the placeholder is left as-is.
git:
  github_token: ${GITHUB_TOKEN}
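Because an unset variable leaves the placeholder in place, a token field such as github_token can end up holding the literal text ${GITHUB_TOKEN}. The following pre-flight check is an added example, not MonPhare's own code: it emulates the expansion rule described above and reports every placeholder that would survive it. The function names, the sample config and the choice to treat a set-but-empty variable as set are assumptions.

```python
import os
import re

# Matches ${VAR} or $VAR, the two forms the page says are expanded.
_VAR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample config for the demonstration below.
SAMPLE = """git:
  github_token: ${GITHUB_TOKEN}
  gitlab_token: $GITLAB_TOKEN
  branch: main
cache:
  directory: ${HOME}/.cache/monphare/repos
"""


def expand(value, env):
    """Substitute variables that are set; leave unset placeholders as-is."""
    def repl(m):
        name = m.group(1) or m.group(2)
        # Assumption: a variable set to the empty string counts as set.
        return env[name] if name in env else m.group(0)
    return _VAR.sub(repl, value)


def unresolved_placeholders(config_text, env=None):
    """Return (line_no, key, variable) for each placeholder left unexpanded."""
    env = os.environ if env is None else env
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        key, sep, value = text.partition(":")
        if not sep:  # list item or bare scalar: no key on this line
            key, value = "-", text
        for m in _VAR.finditer(value):
            name = m.group(1) or m.group(2)
            if name not in env:
                findings.append((line_no, key.strip(), name))
    return findings


if __name__ == "__main__":
    import sys
    hits = unresolved_placeholders(SAMPLE)
    for line_no, key, name in hits:
        print(f"line {line_no}: {key} references unset variable {name}")
    sys.exit(1 if hits else 0)
```

Run against the real config file's text in CI before the scan step, so a missing secret fails the job early.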
Sections
- Scan Options -- file discovery and parsing behavior
- Analysis Options -- which checks to enable
- Policies -- enforcement rules and severity overrides
- Deprecations -- deprecated runtimes, modules, and providers
- Cache -- repository caching for remote scans