From 063c6639159ab69720b1483cc383bfec3b0313fd Mon Sep 17 00:00:00 2001
From: Isaac Milarsky
Date: Mon, 22 Sep 2025 16:15:30 -0500
Subject: [PATCH 1/4] update contributors workflow
Signed-off-by: Isaac Milarsky
---
 .github/workflows/contributors.yml | 42 ++++++++++---------
 .../.github/workflows/contributors.yml | 27 +++++-------
 .../.github/workflows/contributors.yml | 27 +++++-------
 .../.github/workflows/contributors.yml | 27 +++++-------
 4 files changed, 56 insertions(+), 67 deletions(-)
diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml
index 646748d4..ecb46f50 100644
--- a/.github/workflows/contributors.yml
+++ b/.github/workflows/contributors.yml
@@ -19,51 +19,55 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 0 + fetch-depth: 0 + token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - name: Update contributor list id: contrib_list uses: akhilmhdh/contributors-readme-action@v2.3.10 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + GITHUB_TOKEN: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} + with: readme_path: COMMUNITY.md use_username: false commit_message: "update contributors information" + auto_detect_branch_protection: false - name: Get contributors count id: get_contributors env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | - OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) - REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) - QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }' + OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) + REPO=$(echo $GITHUB_REPOSITORY | cut -d'/' -f2) + QUERY='query { repository(owner: \"'"$OWNER"'\", name: \"'"$REPO"'\") { collaborators { totalCount } } }' + + CONTRIBUTORS=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/$OWNER/$REPO/contributors?per_page=100" | \ + jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length') - CONTRIBUTORS=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/repos/$OWNER/$REPO/contributors?per_page=100" | \ - jq '[.[] | select(.type != "Bot" and (.login | test("\\[bot\\]$") | not) and (.login | test("-bot$") | not))] | length') + echo "Total contributors: $CONTRIBUTORS" + echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT - echo "Total contributors: $CONTRIBUTORS" - echo "contributors=$CONTRIBUTORS" >> $GITHUB_OUTPUT - name: Update COMMUNITY.md run: | + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md git 
config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' + git pull git add COMMUNITY.md git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 - - - name: Push protected - uses: CasperWA/push-protected@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - branch: main + git push \ No newline at end of file diff --git a/tier2/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml b/tier2/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml index a3049f06..ecb46f50 100644 --- a/tier2/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml +++ b/tier2/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml @@ -20,25 +20,27 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - name: Update contributor list id: contrib_list uses: akhilmhdh/contributors-readme-action@v2.3.10 env: - {% raw %} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + + GITHUB_TOKEN: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} + with: readme_path: COMMUNITY.md use_username: false commit_message: "update contributors information" + auto_detect_branch_protection: false - name: Get contributors count id: get_contributors env: - {% raw %} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + run: | OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) 
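Review bot: `CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"` expands a step output straight into the `run:` script of the Update COMMUNITY.md step, and `'"$CONTRIBUTORS"'` then lands inside the perl replacement; the value is the jq `length` integer in practice, but this is the expression-in-script pattern GitHub documents as script injection, and it is cheaper to avoid than to audit: move it to the step's `env:` (`env: CONTRIBUTORS: ${{ steps.get_contributors.outputs.contributors }}`) and drop the assignment line. The added `git pull` runs after perl has already modified COMMUNITY.md, so whenever the remote branch has a newer commit touching that file — which the contributor-list step, configured with `readme_path: COMMUNITY.md` and a `commit_message`, appears to produce just before — the pull aborts on the dirty working tree and the step fails; `git pull` belongs before the perl line. Passing `secrets.PUSH_TO_PROTECTED_BRANCH` to actions/checkout leaves it in the checkout's git credential configuration for every later step in the job, and the same token is now handed to `akhilmhdh/contributors-readme-action@v2.3.10`; a third-party action that receives a token able to bypass branch protection should be pinned to a full commit SHA rather than a tag. The step bodies continue outside this hunk, and the job's `permissions:` block is not visible here.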
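Review bot: The new `token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }}` line and the replacement `GITHUB_TOKEN:` lines in this tier2 hunk are written without the `{% raw %}` / `{% endraw %}` guards that the removed lines carried, and the file lives under `tier2/{{cookiecutter.project_slug}}/`, so cookiecutter's Jinja pass will try to evaluate `secrets.PUSH_TO_PROTECTED_BRANCH` as a template variable when a project is generated — unless the template's cookiecutter config copies workflow files without rendering, which is outside this diff. The same applies to `CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}"` in this file's `@@ -57,22 +59,15 @@` hunk and to the matching hunks in the tier3 and tier4 copies. Keeping a `{% raw %}` line before and an `{% endraw %}` line after each `${{ ... }}` line, as the removed code did, preserves the workflow text as written.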
@@ -57,22 +59,15 @@ jobs: - name: Update COMMUNITY.md run: | - {% raw %} + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" - {% endraw %} + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md git config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' + git pull git add COMMUNITY.md git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 - - - name: Push protected - uses: CasperWA/push-protected@v2 - with: - {% raw %} - token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - {% endraw %} - - branch: main \ No newline at end of file + git push \ No newline at end of file diff --git a/tier3/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml b/tier3/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml index a3049f06..ecb46f50 100644 --- a/tier3/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml +++ b/tier3/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml @@ -20,25 +20,27 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - name: Update contributor list id: contrib_list uses: akhilmhdh/contributors-readme-action@v2.3.10 env: - {% raw %} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + + GITHUB_TOKEN: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} + with: readme_path: COMMUNITY.md use_username: false commit_message: "update contributors information" + auto_detect_branch_protection: false - name: Get contributors count id: get_contributors env: - {% raw %} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + run: | OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) 
@@ -57,22 +59,15 @@ jobs: - name: Update COMMUNITY.md run: | - {% raw %} + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" - {% endraw %} + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md git config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' + git pull git add COMMUNITY.md git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 - - - name: Push protected - uses: CasperWA/push-protected@v2 - with: - {% raw %} - token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - {% endraw %} - - branch: main \ No newline at end of file + git push \ No newline at end of file diff --git a/tier4/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml b/tier4/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml index a3049f06..ecb46f50 100644 --- a/tier4/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml +++ b/tier4/{{cookiecutter.project_slug}}/.github/workflows/contributors.yml @@ -20,25 +20,27 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - name: Update contributor list id: contrib_list uses: akhilmhdh/contributors-readme-action@v2.3.10 env: - {% raw %} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + + GITHUB_TOKEN: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} + with: readme_path: COMMUNITY.md use_username: false commit_message: "update contributors information" + auto_detect_branch_protection: false - name: Get contributors count id: get_contributors env: - {% raw %} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - {% endraw %} + run: | OWNER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1) 
@@ -57,22 +59,15 @@ jobs: - name: Update COMMUNITY.md run: | - {% raw %} + CONTRIBUTORS="${{ steps.get_contributors.outputs.contributors }}" - {% endraw %} + perl -i -pe 's/().*?()/$1 '"$CONTRIBUTORS"' $2/' COMMUNITY.md git config user.name 'github-actions[bot]' git config user.email 'github-actions[bot]@users.noreply.github.com' + git pull git add COMMUNITY.md git commit -m "update contributors count to $CONTRIBUTORS" || exit 0 - - - name: Push protected - uses: CasperWA/push-protected@v2 - with: - {% raw %} - token: ${{ secrets.PUSH_TO_PROTECTED_BRANCH }} - {% endraw %} - - branch: main \ No newline at end of file + git push \ No newline at end of file From ba785be334cd738d0bdd8023c37afa465ee916d5 Mon Sep 17 00:00:00 2001 From: Isaac Milarsky Date: Mon, 22 Sep 2025 16:19:31 -0500 Subject: [PATCH 2/4] add gitleaks toml file to all tiers plus repo itself Signed-off-by: Isaac Milarsky --- .../.gitleaks.toml | 43 +++++++++++++++++++ .../.gitleaks.toml | 43 +++++++++++++++++++ .../.gitleaks.toml | 43 +++++++++++++++++++ .../.gitleaks.toml | 0 .../.gitleaks.toml | 43 +++++++++++++++++++ 5 files changed, 172 insertions(+) create mode 100644 tier0/{{cookiecutter.project_slug}}/.gitleaks.toml create mode 100644 tier1/{{cookiecutter.project_slug}}/.gitleaks.toml create mode 100644 tier2/{{cookiecutter.project_slug}}/.gitleaks.toml create mode 100644 tier3/{{cookiecutter.project_slug}}/.gitleaks.toml create mode 100644 tier4/{{cookiecutter.project_slug}}/.gitleaks.toml diff --git a/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml new file mode 100644 index 00000000..7169e1d7 --- /dev/null +++ b/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml 
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+[allowlist]
+description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
diff --git a/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml
new file mode 100644
index 00000000..7169e1d7
--- /dev/null
+++ b/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml
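Review bot: The file defines six `[[rules]]` and no `[extend]` table, and a gitleaks config without one replaces the built-in ruleset instead of adding to it, so a scan that uses this file loses every default detector not re-listed here; add `[extend]` with `useDefault = true` at the top so these rules extend the defaults. The `github-pat` pattern matches only the classic `ghp_` prefix and misses GitHub's other documented token prefixes (`github_pat_`, `gho_`, `ghu_`, `ghs_`, `ghr_`), which the default ruleset covers. The `private-key` pattern `-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----` does not match `-----BEGIN OPENSSH PRIVATE KEY-----`, the format ssh-keygen has written by default since OpenSSH 7.8, nor PKCS#8 `ENCRYPTED PRIVATE KEY` or `PGP PRIVATE KEY BLOCK` headers; `regex = '''-----BEGIN[ A-Z]*PRIVATE KEY( BLOCK)?-----'''` covers all of these. The same content is added verbatim for tier1, tier2 and tier4 in this patch, for the repository root in PATCH 3/4 and for tier3 in PATCH 4/4 (the tier3 file in this patch is an empty blob), so the points apply to each copy.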
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+[allowlist]
+description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
diff --git a/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml
new file mode 100644
index 00000000..7169e1d7
--- /dev/null
+++ b/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+[allowlist]
+description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
diff --git a/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml
new file mode 100644
index 00000000..e69de29b
diff --git a/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml
new file mode 100644
index 00000000..7169e1d7
--- /dev/null
+++ b/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+[allowlist]
+description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
From a51b1b2e561a5b6f36bb3f409988f9c05361a8fd Mon Sep 17 00:00:00 2001
From: Isaac Milarsky
Date: Mon, 22 Sep 2025 16:19:43 -0500
Subject: [PATCH 3/4] straggler
Signed-off-by: Isaac Milarsky
---
 .gitleaks.toml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 .gitleaks.toml
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 00000000..7169e1d7
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+[allowlist]
+description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
From 3f89daf24c67ec814ddeb6aee9114d7c34dd191e Mon Sep 17 00:00:00 2001
From: Isaac Milarsky
Date: Mon, 22 Sep 2025 16:24:47 -0500
Subject: [PATCH 4/4] make sure format of file is working
Signed-off-by: Isaac Milarsky
---
 .gitleaks.toml | 4 +-
 .../.gitleaks.toml | 4 +-
 .../.gitleaks.toml | 6 +--
 .../.gitleaks.toml | 4 +-
 .../.gitleaks.toml | 43 +++++++++++++++++++
 .../.gitleaks.toml | 4 +-
 6 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/.gitleaks.toml b/.gitleaks.toml
index 7169e1d7..2317afee 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -1,8 +1,8 @@ title = "Custom Gitleaks Config for Common Secrets" version = "2" -[allowlist] -description = "Global allowlist" +#[allowlist] +#description = "Global allowlist" # --- Replace with your local secret files --- # --- Common Secrets ---
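Review bot: Commenting out `[allowlist]` and its `description` leaves `# --- Replace with your local secret files ---` attached to nothing, so a user of the template gets no hint of what to put back when they need to exclude a known-safe file; a worked comment would carry the intent, e.g. `#[allowlist]` followed by `#paths = ['''<path-regex-placeholder>''']`, since `paths` (an array of regexes) and `regexes` are the keys the global allowlist takes. This hunk is repeated for the tier0, tier1, tier2 and tier4 copies, and the tier1 copy also drops the trailing `---` from that comment, giving it a different blob (cb6baf52 against 2317afee for the other four); the copies are evidently maintained by hand, and generating them from one source file would stop further drift between tiers.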
diff --git a/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml index 7169e1d7..2317afee 100644 --- a/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml +++ b/tier0/{{cookiecutter.project_slug}}/.gitleaks.toml @@ -1,8 +1,8 @@ title = "Custom Gitleaks Config for Common Secrets" version = "2" -[allowlist] -description = "Global allowlist" +#[allowlist] +#description = "Global allowlist" # --- Replace with your local secret files --- # --- Common Secrets --- diff --git a/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml index 7169e1d7..cb6baf52 100644 --- a/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml +++ b/tier1/{{cookiecutter.project_slug}}/.gitleaks.toml @@ -1,9 +1,9 @@ title = "Custom Gitleaks Config for Common Secrets" version = "2" -[allowlist] -description = "Global allowlist" -# --- Replace with your local secret files --- +#[allowlist] +#description = "Global allowlist" +# --- Replace with your local secret files # --- Common Secrets --- [[rules]] diff --git a/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml index 7169e1d7..2317afee 100644 --- a/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml +++ b/tier2/{{cookiecutter.project_slug}}/.gitleaks.toml @@ -1,8 +1,8 @@ title = "Custom Gitleaks Config for Common Secrets" version = "2" -[allowlist] -description = "Global allowlist" +#[allowlist] +#description = "Global allowlist" # --- Replace with your local secret files --- # --- Common Secrets --- diff --git a/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml index e69de29b..2317afee 100644 --- a/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml +++ b/tier3/{{cookiecutter.project_slug}}/.gitleaks.toml 
@@ -0,0 +1,43 @@
+title = "Custom Gitleaks Config for Common Secrets"
+version = "2"
+
+#[allowlist]
+#description = "Global allowlist"
+# --- Replace with your local secret files ---
+
+# --- Common Secrets ---
+[[rules]]
+id = "github-pat"
+description = "GitHub Personal Access Token"
+regex = '''ghp_[0-9A-Za-z]{36}'''
+tags = ["key", "GitHub"]
+
+[[rules]]
+id = "slack-token"
+description = "Slack Token"
+regex = '''xox[baprs]-[0-9A-Za-z]{10,48}'''
+tags = ["key", "slack"]
+
+[[rules]]
+id = "google-api-key"
+description = "Google API Key"
+regex = '''AIza[0-9A-Za-z\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+id = "aws-access-key"
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|ASIA|AGPA|AIDA|AROA|AIPA|ANPA)[A-Z0-9]{16}'''
+tags = ["AWS"]
+
+[[rules]]
+id = "aws-secret-key"
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['"][0-9a-zA-Z/+]{40}['"]'''
+tags = ["AWS"]
+
+[[rules]]
+id = "private-key"
+description = "Private Key"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["private"]
\ No newline at end of file
diff --git a/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml b/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml
index 7169e1d7..2317afee 100644
--- a/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml
+++ b/tier4/{{cookiecutter.project_slug}}/.gitleaks.toml
@@ -1,8 +1,8 @@ title = "Custom Gitleaks Config for Common Secrets" version = "2" -[allowlist] -description = "Global allowlist" +#[allowlist] +#description = "Global allowlist" # --- Replace with your local secret files --- # --- Common Secrets ---