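# Gitleaks Balanced Configuration
# Production-ready configuration balancing security and developer experience
# Use for: Most production repositories
#
# Review notes:
# - `paths` entries are Go regexes searched (unanchored) against the file path
#   relative to the repository root. Directory patterns below are therefore
#   anchored with `(^|/)` so that a directory merely *ending* in the name
#   (e.g. `rebuild/` vs `build/`, `contest/` vs `test/`) is not silently
#   allowlisted.
# - Every allowlisted path is a blind spot: a credential committed under
#   `docs/`, in a `.md` file or in `dist/` is never reported. Tighten the list
#   for repositories that hold production secrets.

title = "Gitleaks Balanced Configuration"

[extend]
# Extend default Gitleaks rules
useDefault = true

[allowlist]
description = "Balanced allowlist for common false positives"

# Standard non-production paths
paths = [
    # Test code, fixtures and mocks, at any depth.
    '''(^|/)tests?/''',
    '''(^|/)fixtures/''',
    '''(^|/)testdata/''',
    '''(^|/)spec/''',
    '''(^|/)mocks?/''',
    # Samples and documentation. Pasted credentials in README/notes files are
    # a recurring leak source; drop the three extension patterns in a strict
    # profile.
    '''(^|/)examples?/''',
    '''(^|/)docs?/''',
    '''\.md$''',
    '''\.rst$''',
    '''\.txt$''',
    # Third-party and vendored code.
    '''(^|/)node_modules/''',
    '''(^|/)vendor/''',
    '''(^|/)third[_-]party/''',
    # Generated/minified assets and committed build output.
    '''\.min\.js$''',
    '''\.min\.css$''',
    '''(^|/)dist/''',
    '''(^|/)build/''',
    '''(^|/)target/''',
]

# Common placeholder patterns. A finding is dropped when the detected secret
# value *contains* one of these as a substring (case-insensitively in current
# Gitleaks releases — confirm for yours), so keep entries specific enough
# that they cannot plausibly occur inside a genuine credential.
stopwords = [
    "example",
    "placeholder",
    "your_api_key_here",
    "your_key_here",
    "your_secret_here",
    "replace_me",
    "replaceme",
    "changeme",
    "change_me",
    "insert_key_here",
    "xxxxxx",
    "000000",
    "123456",
    "abcdef",
    "sample",
    "dummy",
    "fake",
    "test_key",
    "test_secret",
    "test_password",
    "test_token",
    "mock",
    "TODO",
]

# Public non-secrets. By default these are matched against the captured secret
# value (Gitleaks `regexTarget`; "match" or "line" widen the target and the
# blind spot with it).
regexes = [
    '''-----BEGIN CERTIFICATE-----''',
    '''-----BEGIN PUBLIC KEY-----''',
    '''data:image/[^;]+;base64,''',
    # UUID. Anchored so that only a bare UUID is suppressed; a longer token
    # that embeds one is still reported. Vendors whose API keys are
    # UUID-shaped remain a blind spot — remove this entry if such keys are
    # in scope for the repository.
    '''^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$''',
]

# Manually verified false positives: full commit SHAs, each with a trailing
# comment naming who verified it and why, e.g.
#   "<commit-sha>",  # <reviewer>: sample key in docs, confirmed not live
commits = []

# Custom rules for organization-specific patterns can be added below

# Example: Allowlist template files
# NOTE(review): with useDefault = true, a [[rules]] entry that reuses a
# default rule id overrides that rule; check that the merged rule still
# carries the default regex before relying on this pattern.
# [[rules]]
# id = "generic-api-key"
# [rules.allowlist]
# paths = ['''config/.*\.template$''', '''config/.*\.example$''']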