docs 📝: Add new rule to detect Sidekiq secret in README.md #23

Merged
Jose merged 19 commits from dev into main 2026-02-14 11:02:56 +01:00
Showing only changes of commit 0e2a32d43e

@@ -17,17 +17,17 @@ title = "Gitleaks Config"
# ==========================
# Rules
# ==========================
[[rules]]
id = "generic-api-key"
description = "Generic API Key"
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
entropy = 3.5
# [[rules]]
# id = "generic-api-key"
# description = "Generic API Key"
# regex = "(?i)(api[_-]?key|secret|token)=\\S+"

[Lines 20-23] [Score: 2] This rule is for detecting generic API keys (regex pattern provided) that may be hardcoded or leaked in the source code. It's a good practice to have rules like this in place to ensure sensitive data isn't accidentally exposed.

# entropy = 3.5
[[rules]]
id = "sidekiq-secret"
description = "Sidekiq Secret"
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
entropy = 2.5
# [[rules]]
# id = "sidekiq-secret"
# description = "Sidekiq Secret"
# regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
# entropy = 2.5

[Lines 26-30] [Score: 2] This rule is for detecting Sidekiq secrets (regex pattern provided) that may be hardcoded or leaked in the source code. It's a good practice to have rules like this in place to ensure sensitive data isn't accidentally exposed.

# ==========================
# File-specific entropy overrides
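Review bot: The sidekiq-secret regex `export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+` only fires when the assignment is preceded by the literal `export `, so the same credential written into a `.env` file, a Dockerfile `ENV` line or a `bundle config` invocation passes undetected; consider matching on the variable name alone (`BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+`), and note that with no `secretGroup` set the entropy check runs over the whole match, fixed prefix included. Separately, the commented-out copies of both rules (`# [[rules]]` through `# entropy = 2.5`) sit right next to the active ones; if they are meant to stay in the file, drop them, since a dead duplicate of a rule drifts from the live one.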
@@ -44,4 +44,4 @@ id = "sidekiq-secret"
description = "Sidekiq Secret in README.md"
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
filepath = "README.md"

[Score: 4] The high entropy value (5.0) set for Sidekiq secrets in README.md might overlook actual secrets. Consider reducing the entropy threshold to ensure sensitive information is detected.

entropy = 5.5
entropy = 5.0
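Review bot: Both entropy values in this hunk (5.5 and 5.0) are far above the 2.5 used by the general sidekiq-secret rule for the identical regex, and because no `secretGroup` is set gitleaks scores the entire match including the fixed `export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=` prefix, so a real credential is unlikely to clear 5.0 and README.md becomes the one place the token goes undetected; align this rule with 2.5, or capture the value after `=` in a group and point `secretGroup` at it. Also, gitleaks' rule schema names the file-path filter `path`, not `filepath`; verify that `filepath = "README.md"` is honoured by the gitleaks version in use, otherwise this rule is not README-specific at all.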

[Lines 42-47] [Score: 2] This rule is similar to the initial detection rule for Sidekiq secrets, but it's specific to the README.md file and has a slightly lower entropy threshold (5.5) compared to the previous rule with higher entropy. It's good to have this rule in place to ensure sensitive data isn't accidentally exposed within the README.md file.