# gitleaks configuration — elizaOS workspace
# SOC2 CC7.1 (monitoring) — automated secret-detection at the SCM boundary.
#
# Uses the upstream default ruleset and layers on workspace-specific allowlist
# entries. To rebuild the embedded default rules, see:
# https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml
#
# NOTE(review): the top-level [[allowlists]] tables below are the newer
# gitleaks config form; older releases expect a single [allowlist] table and
# may ignore these entries (more findings, not fewer — fails noisy, not open).
# Pin the gitleaks version in CI and re-run the scan when bumping it.
title = "elizaOS gitleaks config"
[extend]
# Pull in upstream default ruleset. Because the rules come from the binary,
# a gitleaks upgrade can add or retire detections without any change to this
# file — review scan output after every version bump.
useDefault = true
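# Allowlists for known false positives only. Entries here MUST be reviewed —
# never add a real secret pattern. Prefer narrow path scopes over broad regexes.
#
# Path regexes are unanchored substring matches: use `(^|/)` where a directory
# name must be a whole path segment, otherwise the entry also matches inside
# longer names (e.g. `test/fixtures/` would match `contest/fixtures/`).
[[allowlists]]
description = "Test fixtures and example placeholders"
paths = [
'''(^|/)__fixtures__/''',
'''(^|/)__mocks__/''',
'''(^|/)test/fixtures/''',
'''(^|/)tests/fixtures/''',
# Any file with an `.example` suffix. This already covers `.env.example`, so
# a separate entry for it is redundant; a leading `.*` adds nothing because
# the regex is unanchored.
'''\.example$''',
'''\.env\.sample$''',
# Deliberately NOT excluded here: the docs/ tree. A blanket docs allowlist
# contradicts the "narrow path scopes" rule above and silently skips real
# keys pasted into guides or READMEs. Documented placeholder values are
# handled by the "Documented placeholder strings" regex allowlist instead.
]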
[[allowlists]]
description = "Documented placeholder strings"
# In gitleaks, regexTarget = "match" tests each regex against the text the
# rule matched (not the whole line). The patterns below are unanchored
# substrings, so a finding is suppressed as soon as any part of its match
# contains one of them — keep them specific to well-known placeholder values
# and never add a prefix that real credentials share.
regexTarget = "match"
regexes = [
'''example\.com''',
# EVM zero address — a constant, never a key.
'''0x0000000000000000000000000000000000000000''',
# Redacted API-key placeholders used in docs and samples.
'''sk-XXXX''',
# NOTE(review): hyphenated placeholder form only. Do not widen this to
# `sk_test_` — Stripe test-mode keys are real, usable credentials.
'''sk-test_''',
# AWS-published example access key / secret key pair (documentation samples,
# non-functional by design).
'''AKIAIOSFODNN7EXAMPLE''',
'''wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY''',
]
[[allowlists]]
description = "Generated lockfiles — hash output, not secrets"
# NOTE(review): this is a whole-file exclusion. Lockfiles are mostly integrity
# hashes, but `resolved`/source URLs for private registries can carry embedded
# credentials (https://user:token@host/...) and would be skipped here too.
# If the gitleaks version in use supports combining `paths` with `regexes`
# under `condition = "AND"`, prefer allowlisting only hash-shaped matches in
# these files; otherwise keep registry auth in .npmrc/CI env and out of
# lockfiles, and spot-check lockfile diffs for `@` in resolved URLs.
paths = [
'''(^|/)bun\.lock$''',
'''(^|/)package-lock\.json$''',
'''(^|/)yarn\.lock$''',
'''(^|/)pnpm-lock\.yaml$''',
'''(^|/)Cargo\.lock$''',
'''(^|/)poetry\.lock$''',
'''(^|/)uv\.lock$''',
]