generated from oracle/template-repo
-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitleaks.toml
37 lines (33 loc) · 1.17 KB
/
.gitleaks.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
title = "Gitleaks Config"
# Gitleaks feature, extending the existing base config from:
# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
[extend]
useDefault = true
# Allowlist's 'stopwords' and 'regexes' excludes any secrets or mathching patterns from the current repository.
# Paths listed in allowlist will not be scanned.
[allowlist]
description = "Global allow list"
stopwords = ["test_password", "sample_key"]
regexes = [
'''example-password''',
'''this-is-not-the-secret''',
'''<redacted>'''
]
# Describe rule to search real ocids
[[rules]]
description = "Real ocids"
id = "ocid"
regex = '''ocid[123]\.[a-z1-9A-Z]*\.oc\d\.[a-z1-9A-Z]*\.[a-z1-9A-Z]+'''
keywords = [
"ocid"
]
# Describe rule to search generic secrets
[[rules]]
description = "Generic secret"
id = "generic-secret"
regex = '''(?i)((key|api|token|secret|passwd|password|psw|pass|pswd)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z!@#$%^&*<>\\\-_.=]{3,100})['\"]'''
entropy = 0
secretGroup = 4
keywords = [
"key","api","token","secret","passwd","password", "psw", "pass", "pswd"
]