Initial commit

skills/devsecops/secrets-gitleaks/assets/config-balanced.toml

@@ -0,0 +1,81 @@
+# Gitleaks Balanced Configuration
+# Production-ready configuration balancing security and developer experience
+# Use for: Most production repositories
+
+title = "Gitleaks Balanced Configuration"
+
+[extend]
+# Extend default Gitleaks rules
+useDefault = true
+
+[allowlist]
+description = "Balanced allowlist for common false positives"
+
+# Standard non-production paths
+paths = [
+  '''test/.*''',
+  '''tests/.*''',
+  '''.*/fixtures/.*''',
+  '''.*/testdata/.*''',
+  '''spec/.*''',
+  '''examples?/.*''',
+  '''docs?/.*''',
+  '''\.md$''',
+  '''\.rst$''',
+  '''\.txt$''',
+  '''node_modules/.*''',
+  '''vendor/.*''',
+  '''third[_-]party/.*''',
+  '''\.min\.js$''',
+  '''\.min\.css$''',
+  '''dist/.*''',
+  '''build/.*''',
+  '''target/.*''',
+  '''.*/mocks?/.*''',
+]
+
+# Common placeholder patterns
+stopwords = [
+  "example",
+  "placeholder",
+  "your_api_key_here",
+  "your_key_here",
+  "your_secret_here",
+  "replace_me",
+  "replaceme",
+  "changeme",
+  "change_me",
+  "insert_key_here",
+  "xxxxxx",
+  "000000",
+  "123456",
+  "abcdef",
+  "sample",
+  "dummy",
+  "fake",
+  "test_key",
+  "test_secret",
+  "test_password",
+  "test_token",
+  "mock",
+  "TODO",
+]
+
+# Public non-secrets
+regexes = [
+  '''-----BEGIN CERTIFICATE-----''',
+  '''-----BEGIN PUBLIC KEY-----''',
+  '''data:image/[^;]+;base64,''',
+  '''[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''',  # UUID
+]
+
+# Manually verified false positives (add with comments)
+commits = []
+
+# Custom rules for organization-specific patterns can be added below
+
+# Example: Allowlist template files
+# [[rules]]
+# id = "generic-api-key"
+# [rules.allowlist]
+# paths = ['''config/.*\.template$''', '''config/.*\.example$''']