557305db5d
Some checks failed
ci/woodpecker/push/integration Pipeline failed
ci/woodpecker/push/main Pipeline failed
CI/CD Pipeline / Go Tests (push) Has been cancelled
CI/CD Pipeline / Python Tests (push) Has been cancelled
CI/CD Pipeline / Website Tests (push) Has been cancelled
CI/CD Pipeline / Linting (push) Has been cancelled
CI/CD Pipeline / Security Scan (push) Has been cancelled
CI/CD Pipeline / Docker Build & Push (push) Has been cancelled
CI/CD Pipeline / Integration Tests (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / CI Summary (push) Has been cancelled
Security Scanning / Secret Scanning (push) Has been cancelled
Security Scanning / Dependency Vulnerability Scan (push) Has been cancelled
Security Scanning / Go Security Scan (push) Has been cancelled
Security Scanning / Python Security Scan (push) Has been cancelled
Security Scanning / Node.js Security Scan (push) Has been cancelled
Security Scanning / Docker Image Security (push) Has been cancelled
Security Scanning / Security Summary (push) Has been cancelled
Tests / Go Tests (push) Has been cancelled
Tests / Python Tests (push) Has been cancelled
Tests / Integration Tests (push) Has been cancelled
Tests / Go Lint (push) Has been cancelled
Tests / Python Lint (push) Has been cancelled
Tests / Security Scan (push) Has been cancelled
Tests / All Checks Passed (push) Has been cancelled
- Academy, Whistleblower, Incidents frontend pages with API proxies and types - Vendor compliance API proxy route - Go backend handlers and models for all new SDK modules - Investor pitch-deck app with interactive slides - Blog section with DSGVO, AI Act, NIS2, glossary articles - MkDocs documentation site - CI/CD pipelines (Woodpecker, GitHub Actions), security scanning config - Planning and implementation documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
78 lines
1.8 KiB
TOML
78 lines
1.8 KiB
TOML
# Gitleaks Configuration for BreakPilot
|
|
# https://github.com/gitleaks/gitleaks
|
|
#
|
|
# Run locally: gitleaks detect --source . -v
|
|
# Pre-commit: gitleaks protect --staged -v
|
|
|
|
title = "BreakPilot Gitleaks Configuration"
|
|
|
|
# Use the default rules plus custom rules
|
|
[extend]
|
|
useDefault = true
|
|
|
|
# Custom rules for BreakPilot-specific patterns
|
|
[[rules]]
|
|
id = "anthropic-api-key"
|
|
description = "Anthropic API Key"
|
|
regex = '''sk-ant-api[0-9a-zA-Z-_]{20,}'''
|
|
tags = ["api", "anthropic"]
|
|
keywords = ["sk-ant-api"]
|
|
|
|
[[rules]]
|
|
id = "vast-api-key"
|
|
description = "vast.ai API Key"
|
|
regex = '''(?i)(vast[_-]?api[_-]?key|vast[_-]?key)\s*[=:]\s*['"]?([a-zA-Z0-9-_]{20,})['"]?'''
|
|
tags = ["api", "vast"]
|
|
keywords = ["vast"]
|
|
|
|
[[rules]]
|
|
id = "stripe-secret-key"
|
|
description = "Stripe Secret Key"
|
|
regex = '''sk_live_[0-9a-zA-Z]{24,}'''
|
|
tags = ["api", "stripe"]
|
|
keywords = ["sk_live"]
|
|
|
|
[[rules]]
|
|
id = "stripe-restricted-key"
|
|
description = "Stripe Restricted Key"
|
|
regex = '''rk_live_[0-9a-zA-Z]{24,}'''
|
|
tags = ["api", "stripe"]
|
|
keywords = ["rk_live"]
|
|
|
|
[[rules]]
|
|
id = "jwt-secret-hardcoded"
|
|
description = "Hardcoded JWT Secret"
|
|
regex = '''(?i)(jwt[_-]?secret|jwt[_-]?key)\s*[=:]\s*['"]([^'"]{32,})['"]'''
|
|
tags = ["secret", "jwt"]
|
|
keywords = ["jwt"]
|
|
|
|
# Allowlist for false positives
|
|
[allowlist]
|
|
description = "Global allowlist"
|
|
paths = [
|
|
'''\.env\.example$''',
|
|
'''\.env\.template$''',
|
|
'''docs/.*\.md$''',
|
|
'''SBOM\.md$''',
|
|
'''.*_test\.py$''',
|
|
'''.*_test\.go$''',
|
|
'''test_.*\.py$''',
|
|
'''.*\.bak$''',
|
|
'''node_modules/.*''',
|
|
'''venv/.*''',
|
|
'''\.git/.*''',
|
|
]
|
|
|
|
# Specific commit allowlist (for already-rotated secrets)
|
|
commits = []
|
|
|
|
# Regex patterns to ignore
|
|
regexes = [
|
|
'''REPLACE_WITH_REAL_.*''',
|
|
'''your-.*-key-change-in-production''',
|
|
'''breakpilot-dev-.*''',
|
|
'''DEVELOPMENT-ONLY-.*''',
|
|
'''placeholder.*''',
|
|
'''example.*key''',
|
|
]
|