From a002b2b94c409a0ec415859e7b975562405f0faf Mon Sep 17 00:00:00 2001
From: bikochan
Date: Thu, 20 Jun 2024 10:27:37 +0100
Subject: [PATCH] feat(ci): add security gates
---
 .circleci/config.yml | 32 ++++++++++++++++++++++++++++++++
 .gitleaksignore | 5 +++++
 2 files changed, 37 insertions(+)
 create mode 100644 .circleci/config.yml
 create mode 100644 .gitleaksignore
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..791a38d
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,32 @@
+
+version: 2.1
+
+orbs:
+ prodsec: snyk/prodsec-orb@1
+
+defaults: &defaults
+ resource_class: small
+ docker:
+ - image: cimg/base:2024.06
+
+jobs:
+ security-scans:
+ <<: *defaults
+ steps:
+ - checkout
+ - prodsec/security_scans:
+ mode: auto
+
+workflows:
+ CICD:
+ jobs:
+ - prodsec/secrets-scan:
+ name: Scan repository for secrets
+ context:
+ - snyk-bot-slack
+ channel: alerts-api
+
+ - security-scans:
+ name: Security Scans
+ context:
+ - platformeng_api
diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..2198bfa
--- /dev/null
+++ b/.gitleaksignore
@@ -0,0 +1,5 @@
+# expired and unusable local dev values
+14a8456fb802d3682ed457ac6b8e6a3fc5aebc0d:.env.local:generic-api-key:2
+875a53ff6c7624afc83b9ef2b2c8b8b98324a7ce:.env.local:generic-api-key:6
+875a53ff6c7624afc83b9ef2b2c8b8b98324a7ce:.env.local:generic-api-key:2
+14a8456fb802d3682ed457ac6b8e6a3fc5aebc0d:.env.local:generic-api-key:6
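Review bot: The orb reference `prodsec: snyk/prodsec-orb@1` in the `orbs:` stanza floats across every 1.x release, while both workflow jobs run that orb's code with the `snyk-bot-slack` and `platformeng_api` contexts attached. A new orb release would therefore execute with those secrets without any change in this repository. Pinning the full version, `prodsec: snyk/prodsec-orb@<MAJOR.MINOR.PATCH>` (placeholder, the exact release is not shown on this page), makes each upgrade an explicit, reviewable commit. To a lesser degree the same holds for `image: cimg/base:2024.06`, a tag that can be re-pushed and could be pinned by digest. The workflow contains only the two scan jobs, so whether they actually gate merges presumably depends on branch protection requiring them, which this patch does not show.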
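Review bot: The four fingerprints added to `.gitleaksignore` permanently silence `generic-api-key` findings in `.env.local`, and the only justification is the single comment `# expired and unusable local dev values`, which a later reader cannot verify. I would record which credential each entry refers to and when it was revoked, for example `# <service> dev key, revoked <YYYY-MM-DD>, see <ticket>` (placeholders) above each pair of entries. The entries show that `.env.local` was committed in two commits, so it is also worth confirming that the file is now listed in `.gitignore`, which this patch does not show.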