dev: gitleaks rules configuration for checking secrets in megalinter …

…workflow
practicalli · Mar 4, 2024 · 5563ceb · 5563ceb
1 parent 5a07af4
commit 5563ceb
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/.github/config/gitleaks.toml b/.github/config/gitleaks.toml
@@ -0,0 +1,23 @@
+title = "gitleaks config"
+
+[allowlist]
+description = "global allow lists"
+paths = [
+    '''gitleaks.toml''',
+    '''(.*?)(jpg|gif|doc|docx|zip|xls|pdf|bin|svg|socket)$''',
+    '''(go.mod|go.sum)$''',
+    '''gradle.lockfile''',
+    '''node_modules''',
+    '''package-lock.json''',
+    '''pnpm-lock.yaml''',
+    '''Database.refactorlog''',
+    '''vendor''',
+]
+
+[[rules]]
+description = "AWS Example API Key"
+id = "aws-example-api-key"
+regex = '''AKIAIOSFODNN7EXAMPLE'''
+keywords = [
+    "awstoken",
+]
diff --git a/.github/config/megalinter.yaml b/.github/config/megalinter.yaml
@@ -48,6 +48,7 @@ MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: ".github/config/markdown-link-check.js
 MARKDOWN_REMARK_LINT_DISABLE_ERRORS: true
 # MARKDOWN_MARKDOWN_TABLE_FORMATTER_DISABLE_ERRORS: false
 
+REPOSITORY_GITLEAKS_CONFIG_FILE: ".github/config/gitleaks.toml"
 REPOSITORY_TRUFFLEHOG_DISABLE_ERRORS: true # Errors only as warnings
 
 # SPELL_CSPELL_DISABLE_ERRORS: true

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - code-challenge: rewrite code challenges overview 
 - dev: code block consistent style lint rules 46 & 48
 - mkdocs: clojure-idiom admonition style
+- dev: gitleaks rules configuration for checking secrets in megalinter workflow
 
 # 2024-03-03