forked from oracle/accelerated-data-science
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitleaks.toml
43 lines (39 loc) · 1.46 KB
/
.gitleaks.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
title = "Gitleaks Config"
# Gitleaks feature, extending the existing base config from:
# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
[extend]
useDefault = true
# Allowlist's 'stopwords' and 'regexes' excludes any secrets or mathching patterns from the current repository.
# Paths listed in allowlist will not be scanned.
[allowlist]
description = "Global allow list"
regexes = [
'''example-password''',
'''this-is-not-the-secret''',
'''<redacted>''',
'''security_token''',
# NVIDIA_GPGKEY_SUM from public documentation:
# https://gitlab.com/nvidia/container-images/cuda/-/blob/master/dist/10.1/centos7/base/Dockerfile
'''d0664fbbdb8c32356d45de36c5984617217b2d0bef41b93ccecd326ba3b80c87'''
]
paths = [
'''tests/integration/tests_configs.yaml'''
]
# Describe rule to search real ocids
[[rules]]
description = "Real ocids"
id = "ocid"
regex = '''ocid[123]\.[a-z1-9A-Z]*\.oc\d\.[a-z1-9A-Z]*\.[a-z1-9A-Z]+'''
keywords = [
"ocid"
]
# Describe rule to search generic secrets
[[rules]]
description = "Generic secret"
id = "generic-secret"
regex = '''(?i)((key|api|token|secret|passwd|password|psw|pass|pswd)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z!@#$%^&*<>\\\-_.=]{3,100})['\"]'''
entropy = 0
secretGroup = 4
keywords = [
"key","api","token","secret","passwd","password", "psw", "pass", "pswd"
]