Jose
c9a6f0e092
Add `--config-path .gitleaks.toml` to pr-check.yaml and create a new `.gitleaks.toml` file with allowlist and rules for security scanning. Rename 'API utilities' to 'Utilities' in the README.md table.
31 lines
770 B
TOML
31 lines
770 B
TOML
title = "Gitleaks Config"
|
|
|
|
# ==========================
|
|
# Allowlist / False Positive Rules
|
|
# ==========================
|
|
# [[allowlist]]
|
|
# description = "Ignore placeholder secrets in README.md"
|
|
# filepath = "README.md"
|
|
# # Add all placeholder-like patterns that trigger false positives
|
|
# regex = "cafebabe|deadbeef|DB_PASSWORD"
|
|
|
|
[[allowlist]]
|
|
description = "Ignore badge URLs in README"
|
|
filepath = "README.md"
|
|
regex = "https://img.shields.io"
|
|
|
|
# ==========================
|
|
# Rules
|
|
# ==========================
|
|
[[rules]]
|
|
id = "generic-api-key"
|
|
description = "Generic API Key"
|
|
regex = "(?i)(api[_-]?key|secret|token)=\\S+"
|
|
entropy = 3.5
|
|
|
|
[[rules]]
|
|
id = "sidekiq-secret"
|
|
description = "Sidekiq Secret"
|
|
regex = "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=\\S+"
|
|
entropy = 2.5
|