add gitleaks scan for CI/CD
@@ -0,0 +1,25 @@
title = "Gitleaks Docker Compose CI/CD Config"
[[rules]]
id = "docker-env-password"
description = "Possible password in docker-compose environment"
regex = '''(?i)([A-Z0-9_]*(PASSWORD|PASS|PWD))[=:]\s*['"]?[A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?~-]{6,}['"]?'''
tags = ["docker", "compose", "password", "env"]
[[rules]]
id = "docker-env-secret"
description = "Generic secret or token in docker-compose environment"
regex = '''(?i)(SECRET|TOKEN|API[_-]?KEY)[=:]\s*['"]?[A-Za-z0-9_\-]{16,}['"]?'''
tags = ["docker", "compose", "secret", "env"]
[[rules]]
id = "aws-credentials"
description = "AWS Access Key or Secret"
regex = '''(AKIA[0-9A-Z]{16}|(?i)aws[_-]secret[_-]access[_-]key\s*[:=]\s*[A-Za-z0-9/+=]{40})'''
tags = ["aws", "compose", "credentials"]
[[rules]]
id = "private-key"
description = "Private key detected"
regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
tags = ["key", "pem", "compose"]
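Review bot: The file goes from `title` straight into `[[rules]]` with no `[extend]` table, and as far as I recall gitleaks treats a config passed this way as a replacement for its built-in ruleset rather than an addition, so the CI scan would run only these four detectors and lose the stock GitHub/Slack/GCP/generic-credential rules; add `[extend]` with `useDefault = true` at the top unless dropping the defaults is intended. The `private-key` regex accepts only an empty, `RSA`, `EC` or `DSA` label, so `-----BEGIN OPENSSH PRIVATE KEY-----`, `-----BEGIN ENCRYPTED PRIVATE KEY-----` and PGP key blocks pass silently; `-----BEGIN[ A-Z]*PRIVATE KEY( BLOCK)?-----` covers those without widening the match otherwise. The `docker-env-password` value class includes `$`, `{` and `}`, so the recommended compose form `POSTGRES_PASSWORD=${POSTGRES_PASSWORD}` is flagged on every run, which teaches people to ignore the job; a per-rule allowlist for the `${VAR}` placeholder keeps the rule useful for literal values (the allowlist table name differs between gitleaks 8.x releases, so check it against the pinned version). The hunk is the whole new file, so nothing here is cut off.
```toml
title = "Gitleaks Docker Compose CI/CD Config"

# Keep gitleaks' built-in rules; the rules below are additions, not a replacement.
[extend]
useDefault = true

[[rules]]
id = "docker-env-password"
# … unchanged: description, regex, tags …
# Interpolated compose values (${VAR}) are placeholders, not leaked secrets.
[rules.allowlist]
regexes = ['''\$\{[A-Za-z0-9_]+\}''']

# … unchanged: docker-env-secret and aws-credentials rules …

[[rules]]
id = "private-key"
description = "Private key detected"
# Any PEM label (RSA, EC, DSA, OPENSSH, ENCRYPTED, PGP ... BLOCK), not just the three listed.
regex = '''-----BEGIN[ A-Z]*PRIVATE KEY( BLOCK)?-----'''
```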