# Gitleaks rule set for credentials committed in docker-compose service
# environment blocks and .env files. Each [[rules]] table below is one
# detector (id / description / regex / tags); the trailing [allowlist]
# table controls which paths are skipped entirely.
title = "Gitleaks Docker Compose CI/CD Config"
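# Password-like variables in a compose `environment:` block or a .env
# file: any name ending in PASSWORD / PASS / PWD, then `=` or `:`, then a
# value of 6+ characters from the class below. The name prefix is
# unrestricted, so names such as BYPASS= are inspected too; the length
# floor keeps short flags (true, false, 1) out.
[[rules]]
id = "docker-env-password"
description = "Possible password in docker-compose environment"
# Only the value is captured (group 1) so the finding shows the secret
# rather than the whole KEY=value line.
regex = '''(?i)(?:[A-Z0-9_]*(?:PASSWORD|PASS|PWD))[=:]\s*['"]?([A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?~-]{6,})['"]?'''
secretGroup = 1
# Pre-filter: the regex only runs on fragments containing one of these
# (compared case-insensitively), which every match necessarily does.
keywords = ["password", "pass", "pwd"]
tags = ["docker", "compose", "password", "env"]

# Compose files routinely carry `DB_PASSWORD=${DB_PASSWORD}`; the value
# class above admits `$`, `{` and `}`, so such lines would be reported.
# A captured value that is exactly a variable reference (`$NAME` or
# `${NAME}`) is dropped here. `${NAME:-literal}` is intentionally NOT
# covered, because the default inside it is a committed credential.
[rules.allowlist]
regexes = ['^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$']
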
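# Generic secrets and tokens: names ending in SECRET, SECRET_KEY /
# SECRET-KEY, TOKEN, or API_KEY / API-KEY / APIKEY, then `=` or `:`, then
# a value of 16+ [A-Za-z0-9_-] characters. `$NAME` / `${NAME}` references
# never match because `$`, `{` and `}` are outside the value class.
[[rules]]
id = "docker-env-secret"
description = "Generic secret or token in docker-compose environment"
# The name must end immediately before the separator, so a bare `SECRET`
# alternative would never match `DJANGO_SECRET_KEY=...`; the optional
# `[_-]?KEY` suffix covers that common form.
regex = '''(?i)(?:SECRET(?:[_-]?KEY)?|TOKEN|API[_-]?KEY)[=:]\s*['"]?([A-Za-z0-9_\-]{16,})['"]?'''
# Report only the captured value (group 1), not the KEY=value line.
secretGroup = 1
# Pre-filter; every string the regex can match contains one of these.
keywords = ["secret", "token", "api_key", "api-key", "apikey"]
tags = ["docker", "compose", "secret", "env"]
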
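# AWS credentials: an access key id (AKIA = long-lived IAM key, ASIA =
# temporary STS key) or a 40-character secret assigned to
# aws_secret_access_key. The two branches capture different things, so no
# secretGroup is set and the whole match is reported.
[[rules]]
id = "aws-credentials"
description = "AWS Access Key or Secret"
# `(?i)` is placed after the first branch on purpose: key ids are always
# upper-case, while the variable name may be written either way. The
# optional quote mirrors the other rules so a YAML value such as
# AWS_SECRET_ACCESS_KEY: "..." is not missed.
regex = '''(?:AKIA|ASIA)[0-9A-Z]{16}|(?i)aws[_-]secret[_-]access[_-]key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}'''
# Pre-filter; "aws" covers the secret-key branch for every separator mix.
keywords = ["akia", "asia", "aws"]
tags = ["aws", "compose", "credentials"]
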
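# PEM private-key headers: `-----BEGIN PRIVATE KEY-----`, any
# `-----BEGIN <WORDS> PRIVATE KEY-----` (RSA, EC, DSA, OPENSSH,
# ENCRYPTED, ...) and `-----BEGIN PGP PRIVATE KEY BLOCK-----`.
# Case-sensitive on purpose: PEM labels are upper-case.
[[rules]]
id = "private-key"
description = "Private key detected"
# Each optional word must be followed by a single space, so the pattern
# stays anchored to a real header rather than arbitrary text.
regex = '''-----BEGIN (?:[A-Z0-9_-]+ )*PRIVATE KEY(?: BLOCK)?-----'''
# Pre-filter (compared lower-cased); every header starts with this.
keywords = ["-----begin"]
tags = ["key", "pem", "compose"]
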
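# Global allowlist: a path matching one of these regexes is skipped
# entirely - none of the rules above run against it. Only template
# copies that ship with placeholder values belong here. Do NOT list
# docker-compose.ya?ml or .env themselves: that would exclude exactly the
# files this config exists to scan, leaving every rule dead.
[allowlist]
paths = [
    '(^|/)docker-compose\.example\.ya?ml$',
    '(^|/)\.env\.(example|sample|template)$',
]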