
Commit e01525e

security-config-sync[bot] and sutaakar (authored and committed)
chore: sync semgrep.yaml from security-config
1 parent 226a2fe commit e01525e

1 file changed

Lines changed: 8 additions & 8 deletions

semgrep.yaml

@@ -21,7 +21,7 @@ rules:
2121
# SECTION 1: GENERIC SECRETS DETECTION — Applies to all file types
2222
# ==========================================================================
2323

24-
- id: generic-hardcoded-secret
24+
- id: generic-hardcoded-secret # pragma: allowlist secret
2525
languages: [generic]
2626
severity: ERROR
2727
message: |
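Review bot: the `# pragma: allowlist secret` appended to `- id: generic-hardcoded-secret` (line 24) suppresses a secret-scanner hit on a line that holds no credential, only the word "secret" in the rule identifier, which is a legitimate false-positive suppression; but an inline allowlist marker is line-scoped, so it does not cover the regexes or sample strings in the rule body below if those are what the scanner actually matched. Suggest confirming from the scanner output which line fired before relying on the id-line pragma alone. A trailing `#` comment is valid YAML here and Semgrep ignores it, so the rule's behaviour is unchanged.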
@@ -77,7 +77,7 @@ rules:
7777
cwe: "CWE-798"
7878
category: "security"
7979

80-
- id: generic-aws-secret-access-key
80+
- id: generic-aws-secret-access-key # pragma: allowlist secret
8181
languages: [generic]
8282
severity: ERROR
8383
message: |
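Review bot: the same line-scoped caveat applies to `generic-aws-secret-access-key` (line 80), and more so: a rule whose purpose is matching AWS secret access keys is most likely to trip a secret scanner on the pattern lines of its body rather than on its id, and the pragma here covers only the id line. If the identifier was the only finding this is fine; otherwise the allowlist marker needs to sit on the offending line.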
@@ -361,7 +361,7 @@ rules:
361361
category: "security"
362362
note: "Not necessarily dangerous, but aggregated roles can accumulate unexpected permissions if selectors are too broad"
363363

364-
- id: k8s-rbac-secrets-cluster-access
364+
- id: k8s-rbac-secrets-cluster-access # pragma: allowlist secret
365365
languages: [yaml]
366366
severity: WARNING
367367
message: |
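Review bot: for `k8s-rbac-secrets-cluster-access` (line 364) "secrets" refers to the Kubernetes resource type, not a credential, so the suppression is appropriate. Since the same marker is now repeated on every rule whose id contains "secret", a one-line comment near the top of the file explaining that these pragmas are for the secret scanner and not for Semgrep would stop a future cleanup from stripping them and reintroducing the findings.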
@@ -498,7 +498,7 @@ rules:
498498
cwe: "CWE-653"
499499
category: "security"
500500

501-
- id: k8s-secret-in-configmap
501+
- id: k8s-secret-in-configmap # pragma: allowlist secret
502502
languages: [yaml]
503503
severity: ERROR
504504
message: |
@@ -541,7 +541,7 @@ rules:
541541
cwe: "CWE-522"
542542
category: "security"
543543

544-
- id: yaml-hardcoded-secret
544+
- id: yaml-hardcoded-secret # pragma: allowlist secret
545545
languages: [yaml]
546546
severity: WARNING
547547
message: |
@@ -744,10 +744,10 @@ rules:
744744
# SECTION 4: GITHUB ACTIONS SECURITY — Workflow files
745745
# ==========================================================================
746746

747-
- id: github-actions-hardcoded-secret
747+
- id: github-actions-hardcoded-secret # pragma: allowlist secret
748748
languages: [yaml]
749749
severity: ERROR
750-
message: |
750+
message: | # pragma: allowlist secret
751751
Hardcoded secret in GitHub Actions workflow.
752752
753753
Security Risk: Secrets in workflows are visible in git history and to all collaborators.
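Review bot: the second change in this hunk puts the marker on the block-scalar header, `message: | # pragma: allowlist secret` (line 750). A comment after `|` is valid YAML, but an inline allowlist applies only to the line it sits on, so the message body on line 751 and following ("Hardcoded secret in GitHub Actions workflow." and the "Security Risk" text) is not covered. As this is the only rule in the commit that also annotates its `message:` line, check whether the scanner flagged the header line itself or the text beneath it; in the latter case this marker does nothing and the finding will persist.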
@@ -1814,7 +1814,7 @@ rules:
18141814
metadata:
18151815
category: "security"
18161816

1817-
- id: dockerfile-secret-in-env
1817+
- id: dockerfile-secret-in-env # pragma: allowlist secret
18181818
languages: [dockerfile]
18191819
severity: ERROR
18201820
message: |
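Review bot: `dockerfile-secret-in-env` (line 1817) is the eighth rule to receive the identical marker, so the suppression set is now consistent across the file. Because the commit message states this file is synced from security-config, the allowlist markers have to be maintained in the upstream source as they are here; any follow-up fix applied only in this repository would be reverted on the next sync, which is worth noting in the PR for whoever triages the remaining scanner output.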
