Jose
8bd90b8823
Some checks failed
ansible-lint / Ansible Lint (push) Successful in 11s
Gitleaks Scan / gitleaks (push) Successful in 4s
Markdown Lint / markdown-lint (push) Successful in 4s
ai-reviews / Review PR (pull_request) Successful in 19s
PR check / Gitleaks (pull_request) Failing after 5s
PR check / lint tests (pull_request) Successful in 13s
PR check / handle_failures (pull_request) Successful in 1s
PR check / handle_success (pull_request) Has been skipped
Updated the PR check workflow to comment out the `--exclude-files` option and added a new rule in README.md to ignore placeholder secrets.
40 lines
1.1 KiB
TOML
40 lines
1.1 KiB
TOML
title = "Gitleaks Config"
|
|
|
|
# ==========================
|
|
# Allowlist / False Positive Rules
|
|
# ==========================
|
|
# [[allowlist]]
|
|
# description = "Ignore placeholder secrets in README.md"
|
|
# filepath = "README.md"
|
|
# # Add all placeholder-like patterns that trigger false positives
|
|
# regex = "cafebabe|deadbeef|DB_PASSWORD"
|
|
|
|
# [[allowlist]]
|
|
# description = "Ignore badge URLs in README"
|
|
# filepath = "README.md"
|
|
# regex = "https://img.shields.io"
|
|
|
|
# ==========================
|
|
# Rules
|
|
# ==========================
|
|
[[rules]]
|
|
id = "generic-api-key"
|
|
description = "Generic API Key"
|
|
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
|
|
entropy = 3.5
|
|
|
|
[[rules]]
|
|
id = "sidekiq-secret"
|
|
description = "Sidekiq Secret"
|
|
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
|
|
entropy = 2.5
|
|
|
|
# ==========================
|
|
# File-specific entropy overrides
|
|
# ==========================
|
|
[[rules]]
|
|
id = "generic-api-key-docs"
|
|
description = "Ignore placeholder secrets in README.md"
|
|
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
|
|
filepath = "README.md"
|
|
entropy = 10.0 # very high threshold, placeholders won't trigger |