37 lines
1.3 KiB
TOML
37 lines
1.3 KiB
TOML
title = "Gitleaks Docker Compose CI/CD Config"
|
|
|
|
[allowlist]
|
|
description = "Ignore sample/example files and placeholders"
|
|
paths = ['''.*\.env\.sample$''', '''.*\.env\.example$''', '''.*example.*''']
|
|
|
|
regexes = [
|
|
'''\$\{[A-Za-z0-9_]+\}''',
|
|
'''(?i)(my-password|my-super-secret-auth-token|super_secret_password|very_sensitive_secret)''',
|
|
]
|
|
|
|
[[rules]]
|
|
id = "docker-env-password"
|
|
description = "Hardcoded password in docker-compose environment"
|
|
regex = '''(?im)^\s*-?\s*[A-Z0-9_]*(PASSWORD|PASS|PWD)\s*[:=]\s*['"]?([A-Za-z0-9][A-Za-z0-9!@#%^&+=.,_~/-]{7,})['"]?\s*(?:#.*)?$'''
|
|
secretGroup = 2
|
|
tags = ["docker", "compose", "password", "env"]
|
|
|
|
[[rules]]
|
|
id = "docker-env-secret"
|
|
description = "Hardcoded secret, token, or API key in docker-compose environment"
|
|
regex = '''(?im)^\s*-?\s*[A-Z0-9_]*(SECRET|TOKEN|API[_-]?KEY)\s*[:=]\s*['"]?([A-Za-z0-9][A-Za-z0-9_\-]{19,})['"]?\s*(?:#.*)?$'''
|
|
secretGroup = 2
|
|
tags = ["docker", "compose", "secret", "env"]
|
|
|
|
[[rules]]
|
|
id = "aws-credentials"
|
|
description = "AWS Access Key or Secret"
|
|
regex = '''AKIA[0-9A-Z]{16}|(?i)aws[_-]secret[_-]access[_-]key\s*[:=]\s*[A-Za-z0-9/+=]{40}'''
|
|
tags = ["aws", "compose", "credentials"]
|
|
|
|
[[rules]]
|
|
id = "private-key"
|
|
description = "Private key detected"
|
|
regex = '''-----BEGIN( RSA| EC| DSA| OPENSSH)? PRIVATE KEY-----'''
|
|
tags = ["key", "pem", "compose"]
|