# .gitleaks.toml — Drainpipe project gitleaks configuration
#
# Extends the upstream default ruleset. Add [[allowlists]] entries here
# to suppress false positives specific to this project.
#
# Docs: https://github.com/gitleaks/gitleaks/tree/master#configuration
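# To add a new allowlist: append an [[allowlists]] block with any of
#   regexes = ["..."]  — regex matched against the secret value
#   paths   = ["..."]  — Go regex matched against the file path
#   commits = ["..."]  — exact commit SHAs to ignore
# Entries in this file are global: they suppress findings from every rule,
# so keep each pattern as narrow as the false positive allows.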
# Layer this file on top of the ruleset built into the gitleaks binary
# instead of replacing it; the entries below only add suppressions.
# NOTE(review): the built-in rules come from whichever gitleaks version runs
# the scan, so pinning that version in CI keeps results reproducible.
[extend]
useDefault = true
# Suppress findings whose secret contains a GitHub Actions expression such
# as "${{ secrets.NAME }}": the workflow file holds only a reference, not
# the value.
# NOTE(review): the top-level [[allowlists]] array is understood only by
# newer gitleaks releases (older ones read a single [allowlist] table).
# Confirm the version used in CI actually applies these entries.
[[allowlists]]
description = "Allow GitHub Actions secrets template expressions (not real values)"
regexes = ['\$\{\{[^}]*secrets\.[^}]*\}\}']
# Suppress findings whose secret contains an obvious dummy marker.
# NOTE(review): these patterns are unanchored and, with no regexTarget set,
# are tested against the captured secret for every rule. A live credential
# that merely contains one of these substrings (for example a default
# password built around "changeme") is suppressed as well; anchor or narrow
# individual patterns if that is not acceptable for this project.
[[allowlists]]
description = "Allow common placeholder and example values"
regexes = [
    '(?i)example',
    '(?i)replace[-_.]?me',
    '(?i)your[-_.]?key[-_.]?here',
    '(?i)changeme',
    '(?i)placeholder',
    '(?i)x{8,}',  # a run of eight or more "x" or "X"
    '(?i)no-reply@',
]
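# Skip third-party code that is committed to the repository.
# Each pattern starts with (^|/) so it matches a whole path component at any
# depth. Without that anchor, "vendor/" would also match directories whose
# name merely ends in "vendor" (e.g. "payment_vendor/") and silently exclude
# first-party code from scanning.
# NOTE(review): nothing under these paths is scanned, so a secret shipped
# inside a vendored dependency goes unreported by this config.
[[allowlists]]
description = "Allow vendor and bundled third-party code"
paths = [
    '(^|/)vendor/',
    '(^|/)\.yarn/releases/',
]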
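# Skip test fixtures and example/template files.
# "tests/fixtures/" is anchored to a whole path component, and the
# ".example." pattern is limited to the file name ([^/]*$). Otherwise a
# directory such as "app.example.d/" would exempt every file beneath it.
# NOTE(review): real credentials pasted into a fixture or a ".example" file
# are not reported; keep only synthetic values in these locations.
[[allowlists]]
description = "Allow test fixtures and example files"
paths = [
    '(^|/)tests/fixtures/',
    '\.example$',         # e.g. ".env.example"
    '\.example\.[^/]*$',  # e.g. "config.example.yaml"
]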