From c3e595f1875e2a44132adc9994e61d0e20039a0b Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Thu, 29 Feb 2024 12:41:48 +0200
Subject: [PATCH 1/5] upgrade gitleaks v8.18.0->v8.18.2

---
 docs/list-of-rules.md | 320 +++++++++++++++++++++---------------------
 go.mod | 3 +-
 go.sum | 4 +
 plugins/git.go | 2 +-
 4 files changed, 167 insertions(+), 162 deletions(-)

diff --git a/docs/list-of-rules.md b/docs/list-of-rules.md
index 1ca56ae8..b5361679 100644
--- a/docs/list-of-rules.md
+++ b/docs/list-of-rules.md
@@ -5,165 +5,165 @@ Here is a complete list of all the rules that are currently implemented. | Name | Description | Tags | Validity Check | | ---- | ---- | ---- | ---- | -| adafruit-api-key | Adafruit API Key | api-key | | -| adobe-client-id | Adobe Client ID (OAuth Web) | client-id | | -| adobe-client-secret | Adobe Client Secret | client-secret | | -| age secret key | Age secret key | secret-key | | -| airtable-api-key | Airtable API Key | api-key | | -| algolia-api-key | Algolia API Key | api-key | | -| alibaba-access-key-id | Alibaba AccessKey ID | access-key,access-id | V | -| alibaba-secret-key | Alibaba Secret Key | secret-key | V | -| asana-client-id | Asana Client ID | client-id | | -| asana-client-secret | Asana Client Secret | client-secret | | -| atlassian-api-token | Atlassian API token | api-token | | -| authress-service-client-access-key | Authress Service Client Access Key | access-token | | -| aws-access-token | AWS | access-token | | -| bitbucket-client-id | Bitbucket Client ID | client-id | | -| bitbucket-client-secret | Bitbucket Client Secret | client-secret | | -| bittrex-access-key | Bittrex Access Key | access-key | | -| bittrex-secret-key | Bittrex Secret Key | secret-key | | -| beamer-api-token | Beamer API token | api-token | | -| codecov-access-token | Codecov Access Token | access-token | | -| coinbase-access-token | Coinbase Access Token | access-token | | -| clojars-api-token | Clojars API token | api-token | | -| confluent-access-token | Confluent Access Token | access-token | | -| confluent-secret-key | Confluent Secret Key | secret-key | | -| contentful-delivery-api-token | Contentful delivery API token | api-token | | -| databricks-api-token | Databricks API token | api-token | | -| datadog-access-token | Datadog Access Token | access-token,client-id | | -| defined-networking-api-token | Defined Networking API token | api-token | | -| digitalocean-pat | DigitalOcean Personal Access Token | access-token | | -| 
digitalocean-access-token | DigitalOcean OAuth Access Token | access-token | | -| digitalocean-refresh-token | DigitalOcean OAuth Refresh Token | refresh-token | | -| discord-api-token | Discord API key | api-key,api-token | | -| discord-client-id | Discord client ID | client-id | | -| discord-client-secret | Discord client secret | client-secret | | -| doppler-api-token | Doppler API token | api-token | | -| dropbox-api-token | Dropbox API secret | api-token | | -| dropbox-short-lived-api-token | Dropbox short lived API token | api-token | | -| dropbox-long-lived-api-token | Dropbox long lived API token | api-token | | -| droneci-access-token | Droneci Access Token | access-token | | -| duffel-api-token | Duffel API token | api-token | | -| dynatrace-api-token | Dynatrace API token | api-token | | -| easypost-api-token | EasyPost API token | api-token | | -| easypost-test-api-token | EasyPost test API token | api-token | | -| etsy-access-token | Etsy Access Token | access-token | | -| facebook | Facebook Access Token | api-token | | -| fastly-api-token | Fastly API key | api-token,api-key | | -| finicity-client-secret | Finicity Client Secret | client-secret | | -| finicity-api-token | Finicity API token | api-token | | -| flickr-access-token | Flickr Access Token | access-token | | -| finnhub-access-token | Finnhub Access Token | access-token | | -| flutterwave-public-key | Finicity Public Key | public-key | | -| flutterwave-secret-key | Flutterwave Secret Key | secret-key | | -| flutterwave-encryption-key | Flutterwave Encryption Key | encryption-key | | -| frameio-api-token | Frame.io API token | api-token | | -| freshbooks-access-token | Freshbooks Access Token | access-token | | -| gcp-api-key | GCP API key | api-key | | -| generic-api-key | Generic API Key | api-key | | -| github-pat | GitHub Personal Access Token | access-token | V | -| github-fine-grained-pat | GitHub Fine-Grained Personal Access Token | access-token | V | -| github-oauth | GitHub OAuth 
Access Token | access-token | | -| github-app-token | GitHub App Token | access-token | | -| github-refresh-token | GitHub Refresh Token | refresh-token | | -| gitlab-pat | GitLab Personal Access Token | access-token | | -| gitlab-ptt | GitLab Pipeline Trigger Token | trigger-token | | -| gitlab-rrt | GitLab Runner Registration Token | registration-token | | -| gitter-access-token | Gitter Access Token | access-token | | -| gocardless-api-token | GoCardless API token | api-token | | -| grafana-api-key | Grafana api key (or Grafana cloud api key) | api-key | | -| grafana-cloud-api-token | Grafana cloud api token | api-token | | -| grafana-service-account-token | Grafana service account token | access-token | | -| hashicorp-tf-api-token | HashiCorp Terraform user/org API token | api-token | | -| heroku-api-key | Heroku API Key | api-key | | -| hubspot-api-key | HubSpot API Token | api-token,api-key | | -| intercom-api-key | Intercom API Token | api-token,api-key | | -| jfrog-api-key | JFrog API Key | api-key | | -| jfrog-identity-token | JFrog Identity Token | access-token | | -| jwt | JSON Web Token | access-token | | -| kraken-access-token | Kraken Access Token | access-token | | -| kucoin-access-token | Kucoin Access Token | access-token | | -| kucoin-secret-key | Kucoin Secret Key | secret-key | | -| launchdarkly-access-token | Launchdarkly Access Token | access-token | | -| linear-api-key | Linear API Token | api-token,api-key | | -| linear-client-secret | Linear Client Secret | client-secret | | -| linkedin-client-id | LinkedIn Client ID | client-id | | -| linkedin-client-secret | LinkedIn Client secret | client-secret | | -| lob-api-key | Lob API Key | api-key | | -| lob-pub-api-key | Lob Publishable API Key | api-key | | -| mailchimp-api-key | Mailchimp API key | api-key | | -| mailgun-pub-key | Mailgun public validation key | public-key | | -| mailgun-private-api-token | Mailgun private API token | private-key | | -| mailgun-signing-key | Mailgun webhook 
signing key | api-key | | -| mapbox-api-token | MapBox API token | api-token | | -| mattermost-access-token | Mattermost Access Token | access-token | | -| messagebird-api-token | MessageBird API token | api-token | | -| messagebird-client-id | MessageBird client ID | client-id | | -| netlify-access-token | Netlify Access Token | access-token | | -| new-relic-user-api-key | New Relic user API Key | api-key | | -| new-relic-user-api-id | New Relic user API ID | access-id | | -| new-relic-browser-api-token | New Relic ingest browser API token | api-token | | -| npm-access-token | npm access token | access-token | | -| nytimes-access-token | Nytimes Access Token | access-token | | -| okta-access-token | Okta Access Token | access-token | | -| openai-api-key | OpenAI API Key | api-key | | -| plaid-client-id | Plaid Client ID | client-id | | -| plaid-secret-key | Plaid Secret key | secret-key | | -| plaid-api-token | Plaid API Token | api-token | | -| planetscale-password | PlanetScale password | password | | -| planetscale-api-token | PlanetScale API token | api-token | | -| planetscale-oauth-token | PlanetScale OAuth token | access-token | | -| postman-api-token | Postman API token | api-token | | -| prefect-api-token | Prefect API token | api-token | | -| private-key | Private Key | private-key | | -| pulumi-api-token | Pulumi API token | api-token | | -| pypi-upload-token | PyPI upload token | upload-token | | -| rapidapi-access-token | RapidAPI Access Token | access-token | | -| readme-api-token | Readme API token | api-token | | -| rubygems-api-token | Rubygem API token | api-token | | -| sendbird-access-id | Sendbird Access ID | access-id | | -| sendbird-access-token | Sendbird Access Token | access-token | | -| sendgrid-api-token | SendGrid API token | api-token | | -| sendinblue-api-token | Sendinblue API token | api-token | | -| sentry-access-token | Sentry Access Token | access-token | | -| shippo-api-token | Shippo API token | api-token | | -| 
shopify-access-token | Shopify access token | access-token | | -| shopify-custom-access-token | Shopify custom access token | access-token | | -| shopify-private-app-access-token | Shopify private app access token | access-token | | -| shopify-shared-secret | Shopify shared secret | public-secret | | -| sidekiq-secret | Sidekiq Secret | secret-key | | -| sidekiq-sensitive-url | Sidekiq Sensitive URL | sensitive-url | | -| slack-bot-token | Slack Bot token | access-token | | -| slack-app-token | Slack App-level token | access-token | | -| slack-legacy-token | Slack Legacy token | access-token | | -| slack-user-token | Slack User | access-token | | -| slack-config-access-token | Slack Configuration access token | access-token | | -| slack-config-refresh-token | Slack Configuration refresh token | refresh-token | | -| slack-legacy-bot-token | Slack Legacy bot token | access-token | | -| slack-legacy-workspace-token | Slack Legacy Workspace token | access-token | | -| slack-webhook-url | Slack Webhook | webhook | | -| stripe-access-token | Stripe Access Token | access-token | | -| square-access-token | Square Access Token | access-token | | -| squarespace-access-token | Squarespace Access Token | access-token | | -| sumologic-access-id | SumoLogic Access ID | access-id | | -| sumologic-access-token | SumoLogic Access Token | access-token | | -| snyk-api-token | Snyk API token | api-key | | -| microsoft-teams-webhook | Microsoft Teams Webhook | webhook | | -| telegram-bot-api-token | Telegram Bot API Token | api-token | | -| travisci-access-token | Travis CI Access Token | access-token | | -| twilio-api-key | Twilio API Key | api-key | | -| twitch-api-token | Twitch API token | api-token | | -| twitter-api-key | Twitter API Key | api-key | | -| twitter-api-secret | Twitter API Secret | api-key | | -| twitter-access-token | Twitter Access Token | access-token | | -| twitter-access-secret | Twitter Access Secret | public-secret | | -| twitter-bearer-token | Twitter Bearer 
Token | api-token | | -| typeform-api-token | Typeform API token | api-token | | -| vault-batch-token | Vault Batch Token | api-token | | -| vault-service-token | Vault Service Token | api-token | | -| yandex-api-key | Yandex API Key | api-key | | -| yandex-aws-access-token | Yandex AWS Access Token | access-token | | -| yandex-access-token | Yandex Access Token | access-token | | -| zendesk-secret-key | Zendesk Secret Key | secret-key | | +| adafruit-api-key | Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure. | api-key | | +| adobe-client-id | Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches. | client-id | | +| adobe-client-secret | Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation. | client-secret | | +| age secret key | Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information. | secret-key | | +| airtable-api-key | Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration. | api-key | | +| algolia-api-key | Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms. | api-key | | +| alibaba-access-key-id | Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise. | access-key,access-id | V | +| alibaba-secret-key | Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud. | secret-key | V | +| asana-client-id | Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information. 
| client-id | | +| asana-client-secret | Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access. | client-secret | | +| atlassian-api-token | Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality. | api-token | | +| authress-service-client-access-key | Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data. | access-token | | +| aws-access-token | Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms. | access-token | | +| bitbucket-client-id | Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure. | client-id | | +| bitbucket-client-secret | Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access. | client-secret | | +| bittrex-access-key | Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss. | access-key | | +| bittrex-secret-key | Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security. | secret-key | | +| beamer-api-token | Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates. | api-token | | +| codecov-access-token | Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data. | access-token | | +| coinbase-access-token | Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions. 
| access-token | | +| clojars-api-token | Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation. | api-token | | +| confluent-access-token | Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow. | access-token | | +| confluent-secret-key | Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services. | secret-key | | +| contentful-delivery-api-token | Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity. | api-token | | +| databricks-api-token | Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing. | api-token | | +| datadog-access-token | Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation. | access-token,client-id | | +| defined-networking-api-token | Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches. | api-token | | +| digitalocean-pat | Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy. | access-token | | +| digitalocean-access-token | Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise. | access-token | | +| digitalocean-refresh-token | Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation. | refresh-token | | +| discord-api-token | Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord. | api-key,api-token | | +| discord-client-id | Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications. 
| client-id | | +| discord-client-secret | Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks. | client-secret | | +| doppler-api-token | Discovered a Doppler API token, posing a risk to environment and secrets management security. | api-token | | +| dropbox-api-token | Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage. | api-token | | +| dropbox-short-lived-api-token | Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation. | api-token | | +| dropbox-long-lived-api-token | Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data. | api-token | | +| droneci-access-token | Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows. | access-token | | +| duffel-api-token | Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data. | api-token | | +| dynatrace-api-token | Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure. | api-token | | +| easypost-api-token | Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure. | api-token | | +| easypost-test-api-token | Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data. | api-token | | +| etsy-access-token | Found an Etsy Access Token, potentially compromising Etsy shop management and customer data. | access-token | | +| facebook | Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. 
| api-token | | +| fastly-api-token | Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues. | api-token,api-key | | +| finicity-client-secret | Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches. | client-secret | | +| finicity-api-token | Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations. | api-token | | +| flickr-access-token | Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage. | access-token | | +| finnhub-access-token | Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics. | access-token | | +| flutterwave-public-key | Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations. | public-key | | +| flutterwave-secret-key | Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches. | secret-key | | +| flutterwave-encryption-key | Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information. | encryption-key | | +| frameio-api-token | Found a Frame.io API token, potentially compromising video collaboration and project management. | api-token | | +| freshbooks-access-token | Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure. | access-token | | +| gcp-api-key | Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches. | api-key | | +| generic-api-key | Detected a Generic API Key, potentially exposing access to various services and sensitive operations. | api-key | | +| github-pat | Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure. 
| access-token | V | +| github-fine-grained-pat | Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation. | access-token | V | +| github-oauth | Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks. | access-token | | +| github-app-token | Identified a GitHub App Token, which may compromise GitHub application integrations and source code security. | access-token | | +| github-refresh-token | Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services. | refresh-token | | +| gitlab-pat | Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure. | access-token | | +| gitlab-ptt | Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security. | trigger-token | | +| gitlab-rrt | Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access. | registration-token | | +| gitter-access-token | Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services. | access-token | | +| gocardless-api-token | Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure. | api-token | | +| grafana-api-key | Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics. | api-key | | +| grafana-cloud-api-token | Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure. | api-token | | +| grafana-service-account-token | Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity. 
| access-token | | +| hashicorp-tf-api-token | Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches. | api-token | | +| heroku-api-key | Detected a Heroku API Key, potentially compromising cloud application deployments and operational security. | api-key | | +| hubspot-api-key | Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations. | api-token,api-key | | +| intercom-api-key | Identified an Intercom API Token, which could compromise customer communication channels and data privacy. | api-token,api-key | | +| jfrog-api-key | Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines. | api-key | | +| jfrog-identity-token | Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts. | access-token | | +| jwt | Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. | access-token | | +| kraken-access-token | Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security. | access-token | | +| kucoin-access-token | Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions. | access-token | | +| kucoin-secret-key | Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches. | secret-key | | +| launchdarkly-access-token | Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality. | access-token | | +| linear-api-key | Detected a Linear API Token, posing a risk to project management tools and sensitive task data. 
| api-token,api-key | | +| linear-client-secret | Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data. | client-secret | | +| linkedin-client-id | Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure. | client-id | | +| linkedin-client-secret | Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data. | client-secret | | +| lob-api-key | Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services. | api-key | | +| lob-pub-api-key | Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations. | api-key | | +| mailchimp-api-key | Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data. | api-key | | +| mailgun-pub-key | Discovered a Mailgun public validation key, which could expose email verification processes and associated data. | public-key | | +| mailgun-private-api-token | Found a Mailgun private API token, risking unauthorized email service operations and data breaches. | private-key | | +| mailgun-signing-key | Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity. | api-key | | +| mapbox-api-token | Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure. | api-token | | +| mattermost-access-token | Identified a Mattermost Access Token, which may compromise team communication channels and data privacy. | access-token | | +| messagebird-api-token | Found a MessageBird API token, risking unauthorized access to communication platforms and message data. | api-token | | +| messagebird-client-id | Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data. 
| client-id | | +| netlify-access-token | Detected a Netlify Access Token, potentially compromising web hosting services and site management. | access-token | | +| new-relic-user-api-key | Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring. | api-key | | +| new-relic-user-api-id | Found a New Relic user API ID, posing a risk to application monitoring services and data integrity. | access-id | | +| new-relic-browser-api-token | Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics. | api-token | | +| npm-access-token | Uncovered an npm access token, potentially compromising package management and code repository access. | access-token | | +| nytimes-access-token | Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services. | access-token | | +| okta-access-token | Identified an Okta Access Token, which may compromise identity management services and user authentication data. | access-token | | +| openai-api-key | Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation. | api-key | | +| plaid-client-id | Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches. | client-id | | +| plaid-secret-key | Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data. | secret-key | | +| plaid-api-token | Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services. | api-token | | +| planetscale-password | Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches. | password | | +| planetscale-api-token | Identified a PlanetScale API token, potentially compromising database management and operations. 
| api-token | | +| planetscale-oauth-token | Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity. | access-token | | +| postman-api-token | Uncovered a Postman API token, potentially compromising API testing and development workflows. | api-token | | +| prefect-api-token | Detected a Prefect API token, risking unauthorized access to workflow management and automation services. | api-token | | +| private-key | Identified a Private Key, which may compromise cryptographic security and sensitive data encryption. | private-key | | +| pulumi-api-token | Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management. | api-token | | +| pypi-upload-token | Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity. | upload-token | | +| rapidapi-access-token | Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. | access-token | | +| readme-api-token | Detected a Readme API token, risking unauthorized documentation management and content exposure. | api-token | | +| rubygems-api-token | Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. | api-token | | +| sendbird-access-id | Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. | access-id | | +| sendbird-access-token | Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. | access-token | | +| sendgrid-api-token | Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. | api-token | | +| sendinblue-api-token | Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy. 
| api-token | | +| sentry-access-token | Found a Sentry Access Token, risking unauthorized access to error tracking services and sensitive application data. | access-token | | +| shippo-api-token | Discovered a Shippo API token, potentially compromising shipping services and customer order data. | api-token | | +| shopify-access-token | Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches. | access-token | | +| shopify-custom-access-token | Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security. | access-token | | +| shopify-private-app-access-token | Identified a Shopify private app access token, risking unauthorized access to private app data and store operations. | access-token | | +| shopify-shared-secret | Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security. | public-secret | | +| sidekiq-secret | Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches. | secret-key | | +| sidekiq-sensitive-url | Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details. | sensitive-url | | +| slack-bot-token | Identified a Slack Bot token, which may compromise bot integrations and communication channel security. | access-token | | +| slack-app-token | Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data. | access-token | | +| slack-legacy-token | Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data. | access-token | | +| slack-user-token | Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces. 
| access-token | | +| slack-config-access-token | Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access. | access-token | | +| slack-config-refresh-token | Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings. | refresh-token | | +| slack-legacy-bot-token | Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure. | access-token | | +| slack-legacy-workspace-token | Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features. | access-token | | +| slack-webhook-url | Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels. | webhook | | +| stripe-access-token | Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data. | access-token | | +| square-access-token | Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure. | access-token | | +| squarespace-access-token | Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace. | access-token | | +| sumologic-access-id | Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity. | access-id | | +| sumologic-access-token | Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights. | access-token | | +| snyk-api-token | Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security. | api-key | | +| microsoft-teams-webhook | Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks. 
| webhook | |
+| telegram-bot-api-token | Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram. | api-token | |
+| travisci-access-token | Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security. | access-token | |
+| twilio-api-key | Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data. | api-key | |
+| twitch-api-token | Discovered a Twitch API token, which could compromise streaming services and account integrations. | api-token | |
+| twitter-api-key | Identified a Twitter API Key, which may compromise Twitter application integrations and user data security. | api-key | |
+| twitter-api-secret | Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access. | api-key | |
+| twitter-access-token | Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure. | access-token | |
+| twitter-access-secret | Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches. | public-secret | |
+| twitter-bearer-token | Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter. | api-token | |
+| typeform-api-token | Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection. | api-token | |
+| vault-batch-token | Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data. | api-token | |
+| vault-service-token | Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials. | api-token | |
+| yandex-api-key | Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation.
| api-key | |
+| yandex-aws-access-token | Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud. | access-token | |
+| yandex-access-token | Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy. | access-token | |
+| zendesk-secret-key | Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data. | secret-key | |
 | authenticated-url | Identify username:password inside URLS | sensitive-url | |
diff --git a/go.mod b/go.mod
index 4274bb5c..347e8504 100644
--- a/go.mod
+++ b/go.mod
@@ -11,12 +11,13 @@ require (
 github.com/spf13/pflag v1.0.5
 github.com/spf13/viper v1.15.0
 github.com/stretchr/testify v1.8.1
- github.com/zricethezav/gitleaks/v8 v8.18.0
+ github.com/zricethezav/gitleaks/v8 v8.18.2
 golang.org/x/time v0.1.0
 gopkg.in/yaml.v3 v3.0.1
 )
 require (
+ github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 github.com/charmbracelet/lipgloss v0.7.1 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index e885b7b6..ef8097fe 100644
--- a/go.sum
+++ b/go.sum
@@ -36,6 +36,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BobuSumisu/aho-corasick v1.0.3 h1:uuf+JHwU9CHP2Vx+wAy6jcksJThhJS9ehR8a+4nPE9g=
+github.com/BobuSumisu/aho-corasick v1.0.3/go.mod h1:hm4jLcvZKI2vRF2WDU1N4p/jpWtpOzp3nLmi9AzX/XE=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -229,6 +231,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/zricethezav/gitleaks/v8 v8.18.0 h1:+zXcDpHATT9E/eA9UZqcKNW/O1mg882NLmO/6z4CFK0=
 github.com/zricethezav/gitleaks/v8 v8.18.0/go.mod h1:JulwKdEMpiOxVFQxZFFixY51QzDZPn1xJ1/p7YqX4hQ=
+github.com/zricethezav/gitleaks/v8 v8.18.2 h1:slo/sMmgs3qA+6Vv6iqVhsCv+gsl3RekQXqDN0M4g5M=
+github.com/zricethezav/gitleaks/v8 v8.18.2/go.mod h1:8F5GrdCpEtyN5R+0MKPubbOPqIHptNckH3F7bYrhT+Y=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
diff --git a/plugins/git.go b/plugins/git.go
index bef5935a..f6d1c10e 100644
--- a/plugins/git.go
+++ b/plugins/git.go
@@ -10,7 +10,7 @@ import (
 "github.com/gitleaks/go-gitdiff/gitdiff"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
- "github.com/zricethezav/gitleaks/v8/detect/git"
+ git "github.com/zricethezav/gitleaks/v8/sources"
 )
 const (
From 02600ee71cf561fa3476969fbde74fc39027b217 Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Thu, 29 Feb 2024 12:42:43 +0200
Subject: [PATCH 2/5] refactor rules list
---
 .ci/check_new_rules.go | 7 +-
 engine/rules/rules.go | 328 ++++++++++++++++++++---------------------
 2 files changed, 169 insertions(+), 166 deletions(-)
diff --git a/.ci/check_new_rules.go b/.ci/check_new_rules.go
index 65d72eb1..49131327 100644
--- a/.ci/check_new_rules.go
+++ b/.ci/check_new_rules.go
@@ -11,9 +11,8 @@ import (
 )
 var (
- // regexGitleaksRules = regexp.MustCompile(`^[^/\n\r]\s*rules\.([a-zA-Z0-9_]+)\(`)
 regexGitleaksRules = regexp.MustCompile(`(?m)^[^/\n\r]\s*rules\.([a-zA-Z0-9_]+)\(`)
- regex2msRules = regexp.MustCompile(`allRules\s*=\s*append\(allRules,\s*Rule{Rule:\s*\*rules\.([a-zA-Z0-9_]+)\(\),`)
+ regex2msRules = regexp.MustCompile(`(?m)^[^/\n\r]\s*{Rule:\s*\*rules\.([a-zA-Z0-9_]+)\(\),`)
 )
 func main() {
@@ -44,6 +43,10 @@ func main() {
 os.Exit(1)
 }
 match2msRules := regex2msRules.FindAllStringSubmatch(string(ourRules), -1)
+ if len(match2msRules) == 0 {
+ fmt.Println("No rules found in 2ms.")
+ os.Exit(1)
+ }
 fmt.Printf("Total rules in 2ms: %d\n", len(match2msRules))
 map2msRules := make(map[string]bool)
diff --git a/engine/rules/rules.go b/engine/rules/rules.go
index cb55617c..61793288 100644
--- a/engine/rules/rules.go
+++ b/engine/rules/rules.go
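Review bot: The alias on `+ git "github.com/zricethezav/gitleaks/v8/sources"` keeps the old package name for a package that is now called `sources`, so a reader of the call sites will still look for a `detect/git` package that this import no longer refers to. Either drop the alias and rename the uses to `sources.`, or keep it and say why on the import line, e.g. `git "github.com/zricethezav/gitleaks/v8/sources" // gitleaks v8.18.2 presumably moved detect/git here; alias kept to limit churn`. The import block is complete within the hunk; the uses of the alias in plugins/git.go are not visible here.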
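Review bot: The new guard in the second .ci/check_new_rules.go hunk (`@@ -44,6 +43,10 @@`) reports the failure on stdout with `fmt.Println` before exiting non-zero; for a CI check the diagnostic belongs on stderr, `fmt.Fprintln(os.Stderr, "No rules found in 2ms.")`, so it is not lost when stdout is captured or piped, and the same presumably applies to the `os.Exit(1)` path visible as context just above it, whose print statement is outside the hunk. The rewritten `regex2msRules` in the first hunk is coupled to the exact `{Rule: *rules.X(),` spelling of the literal in engine/rules/rules.go, and this guard is what turns a silent zero-match after a future format change into a failing check, which deserves a comment on the pattern, e.g. `// one match per entry of the []Rule literal in engine/rules/rules.go; the empty-match check in main() catches format drift`. Only entries with the `rules.` prefix are counted, so the local `AuthenticatedURL` entry is excluded, which looks intentional for a comparison against upstream but is worth stating in that comment.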
@@ -28,171 +28,171 @@ const TagSensitiveUrl = "sensitive-url"
 const TagWebhook = "webhook"
 func getDefaultRules() *[]Rule {
- allRules := make([]Rule, 0)
-
- allRules = append(allRules, Rule{Rule: *rules.AdafruitAPIKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.AdobeClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.AdobeClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.AgeSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.Airtable(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.AlgoliaApiKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.AlibabaAccessKey(), Tags: []string{TagAccessKey, TagAccessId}})
- allRules = append(allRules, Rule{Rule: *rules.AlibabaSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.AsanaClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.AsanaClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.Atlassian(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Authress(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.AWS(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.BitBucketClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.BitBucketClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.BittrexAccessKey(), Tags: []string{TagAccessKey}})
- allRules = append(allRules, Rule{Rule: *rules.BittrexSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.Beamer(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.CodecovAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.CoinbaseAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Clojars(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.ConfluentAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ConfluentSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.Contentful(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Databricks(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DatadogtokenAccessToken(), Tags: []string{TagAccessToken, TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.DefinedNetworkingAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DigitalOceanPAT(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.DigitalOceanOAuthToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.DigitalOceanRefreshToken(), Tags: []string{TagRefreshToken}})
- allRules = append(allRules, Rule{Rule: *rules.DiscordAPIToken(), Tags: []string{TagApiKey, TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DiscordClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.DiscordClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.Doppler(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DropBoxAPISecret(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DropBoxShortLivedAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DropBoxLongLivedAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.DroneciAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Duffel(),
Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Dynatrace(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.EasyPost(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.EasyPostTestAPI(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.EtsyAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Facebook(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.FastlyAPIToken(), Tags: []string{TagApiToken, TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.FinicityClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.FinicityAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.FlickrAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.FinnhubAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.FlutterwavePublicKey(), Tags: []string{TagPublicKey}})
- allRules = append(allRules, Rule{Rule: *rules.FlutterwaveSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.FlutterwaveEncKey(), Tags: []string{TagEncryptionKey}})
- allRules = append(allRules, Rule{Rule: *rules.FrameIO(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.FreshbooksAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GCPAPIKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.GenericCredential(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.GitHubPat(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitHubFineGrainedPat(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitHubOauth(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitHubApp(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitHubRefresh(), Tags: []string{TagRefreshToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitlabPat(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitlabPipelineTriggerToken(), Tags: []string{TagTriggerToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitlabRunnerRegistrationToken(), Tags: []string{TagRegistrationToken}})
- allRules = append(allRules, Rule{Rule: *rules.GitterAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.GoCardless(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.GrafanaApiKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.GrafanaCloudApiToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.GrafanaServiceAccountToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Hashicorp(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Heroku(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.HubSpot(), Tags: []string{TagApiToken, TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.Intercom(), Tags: []string{TagApiToken, TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.JFrogAPIKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.JFrogIdentityToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.JWT(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.KrakenAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.KucoinAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.KucoinSecretKey(), Tags: []string{TagSecretKey}})
- allRules =
append(allRules, Rule{Rule: *rules.LaunchDarklyAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.LinearAPIToken(), Tags: []string{TagApiToken, TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.LinearClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.LinkedinClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.LinkedinClientSecret(), Tags: []string{TagClientSecret}})
- allRules = append(allRules, Rule{Rule: *rules.LobAPIToken(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.LobPubAPIToken(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.MailChimp(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.MailGunPubAPIToken(), Tags: []string{TagPublicKey}})
- allRules = append(allRules, Rule{Rule: *rules.MailGunPrivateAPIToken(), Tags: []string{TagPrivateKey}})
- allRules = append(allRules, Rule{Rule: *rules.MailGunSigningKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.MapBox(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.MattermostAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.MessageBirdAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.MessageBirdClientID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.NetlifyAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.NewRelicUserID(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.NewRelicUserKey(), Tags: []string{TagAccessId}})
- allRules = append(allRules, Rule{Rule: *rules.NewRelicBrowserAPIKey(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.NPM(), Tags: []string{TagAccessToken}})
- allRules = append(allRules,
Rule{Rule: *rules.NytimesAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.OktaAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.OpenAI(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.PlaidAccessID(), Tags: []string{TagClientId}})
- allRules = append(allRules, Rule{Rule: *rules.PlaidSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.PlaidAccessToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.PlanetScalePassword(), Tags: []string{TagPassword}})
- allRules = append(allRules, Rule{Rule: *rules.PlanetScaleAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.PlanetScaleOAuthToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.PostManAPI(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Prefect(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.PrivateKey(), Tags: []string{TagPrivateKey}})
- allRules = append(allRules, Rule{Rule: *rules.PulumiAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.PyPiUploadToken(), Tags: []string{TagUploadToken}})
- allRules = append(allRules, Rule{Rule: *rules.RapidAPIAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ReadMe(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.RubyGemsAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.SendbirdAccessID(), Tags: []string{TagAccessId}})
- allRules = append(allRules, Rule{Rule: *rules.SendbirdAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SendGridAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.SendInBlueAPIToken(), Tags:
[]string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.SentryAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ShippoAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.ShopifyAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ShopifyCustomAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ShopifyPrivateAppAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.ShopifySharedSecret(), Tags: []string{TagPublicSecret}})
- allRules = append(allRules, Rule{Rule: *rules.SidekiqSecret(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *rules.SidekiqSensitiveUrl(), Tags: []string{TagSensitiveUrl}})
- allRules = append(allRules, Rule{Rule: *rules.SlackBotToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackAppLevelToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackLegacyToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackUserToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackConfigurationToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackConfigurationRefreshToken(), Tags: []string{TagRefreshToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackLegacyBotToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackLegacyWorkspaceToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SlackWebHookUrl(), Tags: []string{TagWebhook}})
- allRules = append(allRules, Rule{Rule: *rules.StripeAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SquareAccessToken(), Tags: []string{TagAccessToken}})
-
allRules = append(allRules, Rule{Rule: *rules.SquareSpaceAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}})
- allRules = append(allRules, Rule{Rule: *rules.SumoLogicAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Snyk(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.TeamsWebhook(), Tags: []string{TagWebhook}})
- allRules = append(allRules, Rule{Rule: *rules.TelegramBotToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.TravisCIAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.Twilio(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.TwitchAPIToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.TwitterAPIKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.TwitterAPISecret(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.TwitterAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.TwitterAccessSecret(), Tags: []string{TagPublicSecret}})
- allRules = append(allRules, Rule{Rule: *rules.TwitterBearerToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.Typeform(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.VaultBatchToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.VaultServiceToken(), Tags: []string{TagApiToken}})
- allRules = append(allRules, Rule{Rule: *rules.YandexAPIKey(), Tags: []string{TagApiKey}})
- allRules = append(allRules, Rule{Rule: *rules.YandexAWSAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule: *rules.YandexAccessToken(), Tags: []string{TagAccessToken}})
- allRules = append(allRules, Rule{Rule:
*rules.ZendeskSecretKey(), Tags: []string{TagSecretKey}})
- allRules = append(allRules, Rule{Rule: *AuthenticatedURL(), Tags: []string{TagSensitiveUrl}})
+ allRules := &[]Rule{
+ {Rule: *rules.AdafruitAPIKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.AdobeClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.AdobeClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.AgeSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.Airtable(), Tags: []string{TagApiKey}},
+ {Rule: *rules.AlgoliaApiKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.AlibabaAccessKey(), Tags: []string{TagAccessKey, TagAccessId}},
+ {Rule: *rules.AlibabaSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.AsanaClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.AsanaClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.Atlassian(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Authress(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.AWS(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.BitBucketClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.BitBucketClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.BittrexAccessKey(), Tags: []string{TagAccessKey}},
+ {Rule: *rules.BittrexSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.Beamer(), Tags: []string{TagApiToken}},
+ {Rule: *rules.CodecovAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.CoinbaseAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Clojars(), Tags: []string{TagApiToken}},
+ {Rule: *rules.ConfluentAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ConfluentSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.Contentful(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Databricks(), Tags: []string{TagApiToken}},
+ {Rule: *rules.DatadogtokenAccessToken(), Tags: []string{TagAccessToken, TagClientId}},
+ {Rule: *rules.DefinedNetworkingAPIToken(), Tags: []string{TagApiToken}},
+ {Rule:
*rules.DigitalOceanPAT(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.DigitalOceanOAuthToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.DigitalOceanRefreshToken(), Tags: []string{TagRefreshToken}},
+ {Rule: *rules.DiscordAPIToken(), Tags: []string{TagApiKey, TagApiToken}},
+ {Rule: *rules.DiscordClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.DiscordClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.Doppler(), Tags: []string{TagApiToken}},
+ {Rule: *rules.DropBoxAPISecret(), Tags: []string{TagApiToken}},
+ {Rule: *rules.DropBoxShortLivedAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.DropBoxLongLivedAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.DroneciAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Duffel(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Dynatrace(), Tags: []string{TagApiToken}},
+ {Rule: *rules.EasyPost(), Tags: []string{TagApiToken}},
+ {Rule: *rules.EasyPostTestAPI(), Tags: []string{TagApiToken}},
+ {Rule: *rules.EtsyAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Facebook(), Tags: []string{TagApiToken}},
+ {Rule: *rules.FastlyAPIToken(), Tags: []string{TagApiToken, TagApiKey}},
+ {Rule: *rules.FinicityClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.FinicityAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.FlickrAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.FinnhubAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.FlutterwavePublicKey(), Tags: []string{TagPublicKey}},
+ {Rule: *rules.FlutterwaveSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.FlutterwaveEncKey(), Tags: []string{TagEncryptionKey}},
+ {Rule: *rules.FrameIO(), Tags: []string{TagApiToken}},
+ {Rule: *rules.FreshbooksAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GCPAPIKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.GenericCredential(), Tags: []string{TagApiKey}},
+ {Rule: *rules.GitHubPat(), Tags:
[]string{TagAccessToken}},
+ {Rule: *rules.GitHubFineGrainedPat(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GitHubOauth(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GitHubApp(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GitHubRefresh(), Tags: []string{TagRefreshToken}},
+ {Rule: *rules.GitlabPat(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GitlabPipelineTriggerToken(), Tags: []string{TagTriggerToken}},
+ {Rule: *rules.GitlabRunnerRegistrationToken(), Tags: []string{TagRegistrationToken}},
+ {Rule: *rules.GitterAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.GoCardless(), Tags: []string{TagApiToken}},
+ {Rule: *rules.GrafanaApiKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.GrafanaCloudApiToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.GrafanaServiceAccountToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Hashicorp(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Heroku(), Tags: []string{TagApiKey}},
+ {Rule: *rules.HubSpot(), Tags: []string{TagApiToken, TagApiKey}},
+ {Rule: *rules.Intercom(), Tags: []string{TagApiToken, TagApiKey}},
+ {Rule: *rules.JFrogAPIKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.JFrogIdentityToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.JWT(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.KrakenAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.KucoinAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.KucoinSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.LaunchDarklyAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.LinearAPIToken(), Tags: []string{TagApiToken, TagApiKey}},
+ {Rule: *rules.LinearClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.LinkedinClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.LinkedinClientSecret(), Tags: []string{TagClientSecret}},
+ {Rule: *rules.LobAPIToken(), Tags: []string{TagApiKey}},
+ {Rule: *rules.LobPubAPIToken(), Tags: []string{TagApiKey}},
+ {Rule:
*rules.MailChimp(), Tags: []string{TagApiKey}},
+ {Rule: *rules.MailGunPubAPIToken(), Tags: []string{TagPublicKey}},
+ {Rule: *rules.MailGunPrivateAPIToken(), Tags: []string{TagPrivateKey}},
+ {Rule: *rules.MailGunSigningKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.MapBox(), Tags: []string{TagApiToken}},
+ {Rule: *rules.MattermostAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.MessageBirdAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.MessageBirdClientID(), Tags: []string{TagClientId}},
+ {Rule: *rules.NetlifyAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.NewRelicUserID(), Tags: []string{TagApiKey}},
+ {Rule: *rules.NewRelicUserKey(), Tags: []string{TagAccessId}},
+ {Rule: *rules.NewRelicBrowserAPIKey(), Tags: []string{TagApiToken}},
+ {Rule: *rules.NPM(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.NytimesAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.OktaAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.OpenAI(), Tags: []string{TagApiKey}},
+ {Rule: *rules.PlaidAccessID(), Tags: []string{TagClientId}},
+ {Rule: *rules.PlaidSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.PlaidAccessToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.PlanetScalePassword(), Tags: []string{TagPassword}},
+ {Rule: *rules.PlanetScaleAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.PlanetScaleOAuthToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.PostManAPI(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Prefect(), Tags: []string{TagApiToken}},
+ {Rule: *rules.PrivateKey(), Tags: []string{TagPrivateKey}},
+ {Rule: *rules.PulumiAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.PyPiUploadToken(), Tags: []string{TagUploadToken}},
+ {Rule: *rules.RapidAPIAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ReadMe(), Tags: []string{TagApiToken}},
+ {Rule: *rules.RubyGemsAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.SendbirdAccessID(), Tags:
[]string{TagAccessId}},
+ {Rule: *rules.SendbirdAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SendGridAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.SendInBlueAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.SentryAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ShippoAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.ShopifyAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ShopifyCustomAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ShopifyPrivateAppAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ShopifySharedSecret(), Tags: []string{TagPublicSecret}},
+ {Rule: *rules.SidekiqSecret(), Tags: []string{TagSecretKey}},
+ {Rule: *rules.SidekiqSensitiveUrl(), Tags: []string{TagSensitiveUrl}},
+ {Rule: *rules.SlackBotToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackAppLevelToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackLegacyToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackUserToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackConfigurationToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackConfigurationRefreshToken(), Tags: []string{TagRefreshToken}},
+ {Rule: *rules.SlackLegacyBotToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackLegacyWorkspaceToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SlackWebHookUrl(), Tags: []string{TagWebhook}},
+ {Rule: *rules.StripeAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SquareAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SquareSpaceAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}},
+ {Rule: *rules.SumoLogicAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Snyk(), Tags: []string{TagApiKey}},
+ {Rule: *rules.TeamsWebhook(), Tags: []string{TagWebhook}},
+ {Rule: *rules.TelegramBotToken(), Tags: []string{TagApiToken}},
+ {Rule:
*rules.TravisCIAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.Twilio(), Tags: []string{TagApiKey}},
+ {Rule: *rules.TwitchAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.TwitterAPIKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.TwitterAPISecret(), Tags: []string{TagApiKey}},
+ {Rule: *rules.TwitterAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.TwitterAccessSecret(), Tags: []string{TagPublicSecret}},
+ {Rule: *rules.TwitterBearerToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.Typeform(), Tags: []string{TagApiToken}},
+ {Rule: *rules.VaultBatchToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.VaultServiceToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.YandexAPIKey(), Tags: []string{TagApiKey}},
+ {Rule: *rules.YandexAWSAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.YandexAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.ZendeskSecretKey(), Tags: []string{TagSecretKey}},
+ {Rule: *AuthenticatedURL(), Tags: []string{TagSensitiveUrl}},
+ }
- return &allRules
+ return allRules
 }
 func getSpecialRules() *[]Rule {
From 10ae5eb4563bc86f1e003cdfe61b400a29a675c9 Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Thu, 29 Feb 2024 12:46:52 +0200
Subject: [PATCH 3/5] add new rules from gitleaks
---
 docs/list-of-rules.md | 6 ++++++
 engine/rules/rules.go | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/docs/list-of-rules.md b/docs/list-of-rules.md
index b5361679..bb346fd5 100644
--- a/docs/list-of-rules.md
+++ b/docs/list-of-rules.md
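Review bot: The temporary in `+ allRules := &[]Rule{` followed by `+ return allRules` at the end of the hunk adds nothing; `return &[]Rule{` with the closing `}` as the function's last line reads more directly and leaves the `*[]Rule` signature untouched. The more important gap is documentation: the layout of this literal is now parsed by `regex2msRules` in .ci/check_new_rules.go, which expects one `{Rule: *rules.X(), …},` entry per line, so getDefaultRules should carry a header comment saying so, e.g. `// Keep one rule per line in the {Rule: *rules.X(), Tags: …} form: .ci/check_new_rules.go greps this literal to compare the rule set against upstream gitleaks.` The last entry, `*AuthenticatedURL()`, is a local rule that presumably sits outside that pattern on purpose, which the same comment should state. getDefaultRules is fully contained in the hunk.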
@@ -75,12 +75,17 @@ Here is a complete list of all the rules that are currently implemented.
| grafana-cloud-api-token | Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure. | api-token | |
| grafana-service-account-token | Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity. | access-token | |
| hashicorp-tf-api-token | Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches. | api-token | |
+| hashicorp-tf-password | Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches. | password | |
| heroku-api-key | Detected a Heroku API Key, potentially compromising cloud application deployments and operational security. | api-key | |
| hubspot-api-key | Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations. | api-token,api-key | |
+| huggingface-access-token | Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data. | access-token | |
+| huggingface-organization-api-token | Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data. | api-token | |
+| infracost-api-token | Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data. | api-token | |
| intercom-api-key | Identified an Intercom API Token, which could compromise customer communication channels and data privacy. | api-token,api-key | |
| jfrog-api-key | Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines. | api-key | |
| jfrog-identity-token | Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts.
| access-token | |
| jwt | Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. | access-token | |
+| jwt-base64 | Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information. | access-token | |
| kraken-access-token | Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security. | access-token | |
| kucoin-access-token | Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions. | access-token | |
| kucoin-secret-key | Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches. | secret-key | |
@@ -121,6 +126,7 @@ Here is a complete list of all the rules that are currently implemented.
| rapidapi-access-token | Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. | access-token | |
| readme-api-token | Detected a Readme API token, risking unauthorized documentation management and content exposure. | api-token | |
| rubygems-api-token | Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. | api-token | |
+| scalingo-api-token | Found a Scalingo API token, posing a risk to cloud platform services and application deployment security. | api-token | |
| sendbird-access-id | Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. | access-id | |
| sendbird-access-token | Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. | access-token | |
| sendgrid-api-token | Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. | api-token | |
diff --git a/engine/rules/rules.go b/engine/rules/rules.go
index 61793288..d69bcbdf 100644
--- a/engine/rules/rules.go
+++ b/engine/rules/rules.go
@@ -99,12 +99,17 @@ func getDefaultRules() *[]Rule {
{Rule: *rules.GrafanaCloudApiToken(), Tags: []string{TagApiToken}},
{Rule: *rules.GrafanaServiceAccountToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.Hashicorp(), Tags: []string{TagApiToken}},
+ {Rule: *rules.HashicorpField(), Tags: []string{TagPassword}},
{Rule: *rules.Heroku(), Tags: []string{TagApiKey}},
{Rule: *rules.HubSpot(), Tags: []string{TagApiToken, TagApiKey}},
+ {Rule: *rules.HuggingFaceAccessToken(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.HuggingFaceOrganizationApiToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.InfracostAPIToken(), Tags: []string{TagApiToken}},
{Rule: *rules.Intercom(), Tags: []string{TagApiToken, TagApiKey}},
{Rule: *rules.JFrogAPIKey(), Tags: []string{TagApiKey}},
{Rule: *rules.JFrogIdentityToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.JWT(), Tags: []string{TagAccessToken}},
+ {Rule: *rules.JWTBase64(), Tags: []string{TagAccessToken}},
{Rule: *rules.KrakenAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.KucoinAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.KucoinSecretKey(), Tags: []string{TagSecretKey}},
@@ -145,6 +150,7 @@ func getDefaultRules() *[]Rule {
{Rule: *rules.RapidAPIAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.ReadMe(), Tags: []string{TagApiToken}},
{Rule: *rules.RubyGemsAPIToken(), Tags: []string{TagApiToken}},
+ {Rule: *rules.ScalingoAPIToken(), Tags: []string{TagApiToken}},
{Rule: *rules.SendbirdAccessID(), Tags: []string{TagAccessId}},
{Rule: *rules.SendbirdAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.SendGridAPIToken(), Tags: []string{TagApiToken}},
From aa7516022878f9591599b084ba1ac69283cfddf8 Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Thu, 29 Feb 2024 12:53:15 +0200
Subject: [PATCH 4/5] go mod tidy
---
go.mod | 1 -
go.sum | 4 ----
2 files changed, 5 deletions(-)
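Review bot: The five registrations added in this hunk (`+ {Rule: *rules.HashicorpField(), Tags: []string{TagPassword}},` through `JWTBase64`) and `ScalingoAPIToken` in the `@@ -145` hunk are mirrored by hand in docs/list-of-rules.md in the same commit, and nothing checks that the two lists stay in step. A small test that collects the rule IDs from `*getDefaultRules()` and asserts each one has a row in the docs table (and vice versa) would catch the next omission instead of leaving a detection silently undocumented. `TagPassword` is not introduced by this commit (the diffstat accounts for only the six rule lines) and appears nowhere else in the visible hunks, so it presumably already exists among the tag constants; worth confirming. getDefaultRules begins and ends outside both hunks.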
diff --git a/go.mod b/go.mod
index 347e8504..9cb3a2bc 100644
--- a/go.mod
+++ b/go.mod
@@ -37,7 +37,6 @@ require (
github.com/muesli/reflow v0.3.0 // indirect
github.com/muesli/termenv v0.15.1 // indirect
github.com/pelletier/go-toml/v2 v2.0.7 // indirect
- github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/spf13/afero v1.9.5 // indirect
diff --git a/go.sum b/go.sum
index ef8097fe..2626e4f4 100644
--- a/go.sum
+++ b/go.sum
@@ -181,8 +181,6 @@ github.com/muesli/termenv v0.15.1 h1:UzuTb/+hhlBugQz28rpzey4ZuKcZ03MeKsoG7IJZIxs
github.com/muesli/termenv v0.15.1/go.mod h1:HeAQPTzpfs016yGtA4g00CsdYnVLJvxsS4ANqrZs2sQ=
github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us=
github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -229,8 +227,6 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/zricethezav/gitleaks/v8 v8.18.0 h1:+zXcDpHATT9E/eA9UZqcKNW/O1mg882NLmO/6z4CFK0=
-github.com/zricethezav/gitleaks/v8 v8.18.0/go.mod h1:JulwKdEMpiOxVFQxZFFixY51QzDZPn1xJ1/p7YqX4hQ=
github.com/zricethezav/gitleaks/v8 v8.18.2 h1:slo/sMmgs3qA+6Vv6iqVhsCv+gsl3RekQXqDN0M4g5M=
github.com/zricethezav/gitleaks/v8 v8.18.2/go.mod h1:8F5GrdCpEtyN5R+0MKPubbOPqIHptNckH3F7bYrhT+Y=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
From 19ceb26adac77cbee9c5bb63ee05d9dbb767f779 Mon Sep 17 00:00:00 2001
From: Baruch Odem
Date: Thu, 29 Feb 2024 14:09:49 +0200
Subject: [PATCH 5/5] ignore false positive see https://github.com/gitleaks/gitleaks/pull/1358
---
.2ms.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.2ms.yml b/.2ms.yml
index f826c937..5be33201 100644
--- a/.2ms.yml
+++ b/.2ms.yml
@@ -16,3 +16,5 @@ ignore-result: - a3a83b7224e7e98e3cca6bd2cd138dbca831e06d - ba1f0517b77a5b451d1d55078218cd23d96b686e - c5748512948b492f5c07849ae2e69e7e831d36d3
+ - 5e73b4b73bf4a59b11f37066829af01478879067 # False positive, see https://github.com/gitleaks/gitleaks/pull/1358
+ - 255853e2044119bf502261713e2f892265d4b5c1 # False positive, see https://github.com/gitleaks/gitleaks/pull/1358
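Review bot: The two new `ignore-result` entries record the upstream PR behind the false positive but not the condition for removing them, so once a gitleaks release containing that fix is picked up these become stale suppressions that nothing prompts anyone to revisit. Suppressing by result fingerprint rather than by rule is the right scope, since the rule keeps firing on other findings; the cost is only that each entry must be retired deliberately. Consider wording the comment as `# False positive until a gitleaks release includes https://github.com/gitleaks/gitleaks/pull/1358; re-check and remove after the next gitleaks bump`. Which rule and file these fingerprints correspond to is not visible in the hunk.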