# SEE: https://github.com/gitleaks/gitleaks/#configuration
# Start from the built-in gitleaks rule set; the [[rules]] entries in this
# file are added on top of it rather than replacing it.
[extend]
useDefault = true # SEE: https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml
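# Global allowlist: a finding that matches one of these patterns is ignored
# for every rule, including the built-in defaults. The only pattern is a run
# of "=" characters (presumably separator/banner lines — confirm the intent).
# The key is written as gitleaks documents it: lowercase `regexes` holding an
# array of patterns, so loading does not depend on lenient key/type decoding.
[allowlist]
description = "allow ="
regexes = ['''=========================================''']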
# Flags any four dot-separated groups of one to three digits.
# NOTE(review): there are no word boundaries and no 0-255 range check, so
# dotted version strings (1.2.3.4), out-of-range values (999.999.999.999) and
# loopback/private addresses all produce findings — expect to triage these or
# add a rule-level allowlist.
[[rules]]
description = "IPv4"
id = "ipv4"
regex = '''[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'''
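# Flags regional DynamoDB endpoint hostnames (dynamodb.<region>.amazonaws.com).
# The region's trailing digit is matched with [0-9]; a class written as
# [1,2,3] would also accept a literal comma and would skip regions whose
# number is above 3.
[[rules]]
description = "DynamoDB Endpoints"
id = "dynamodb"
regex = '''dynamodb\.[a-z]{2}[a-z-]*[0-9]\.amazonaws\.com'''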
# Flags ARNs in the "aws" partition that contain a 12-digit number after at
# least two further colon-separated fields (the account-ID position).
# NOTE(review): only the literal partition "aws" is matched, so ARNs in other
# partitions (aws-cn, aws-us-gov) are not flagged. Both (.*) groups are greedy,
# so on a line holding several ARNs the reported match can span all of them.
[[rules]]
description = "ARN Generic"
id = "arn"
regex = '''arn:aws:(.*):(.*):[0-9]{12}'''
# Flags S3 ARNs, which leave the region and account fields empty (":::").
# (.*) also matches the empty string, so the bare "arn:aws:s3:::" prefix is
# reported even when no bucket name follows it.
[[rules]]
description = "ARN S3 "
id = "arns3"
regex = '''arn:aws:s3:::(.*)'''
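# Flags ECR registry hostnames, which embed the 12-digit AWS account ID:
# <account>.dkr.ecr.<region>.amazonaws.com.
# The region's trailing digit is matched with [0-9]; a class written as
# [1,2,3] would also accept a literal comma and would skip regions whose
# number is above 3.
[[rules]]
description = "ECR Endpoints"
id = "ecr"
regex = '''[0-9]{12}\.dkr\.ecr\.[a-z-]*-[0-9]\.amazonaws\.com'''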
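# Flags Elasticsearch Service endpoint hostnames (<domain>.<region>.es.amazonaws.com).
# The leading (.*) pulls everything before the hostname on the same line into
# the match. The region's trailing digit is matched with [0-9]; a class
# written as [1,2,3] would also accept a literal comma and would skip regions
# whose number is above 3.
[[rules]]
description = "Elastic Search Endpoints"
id = "esendpoints"
regex = '''(.*)[a-z-]*[0-9]\.es\.amazonaws\.com'''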
# Flags the PEM header line of an X.509 certificate.
# NOTE(review): the header must be followed directly by a line feed, so files
# with CRLF line endings and PEM text embedded with escaped newlines are not
# matched. A certificate carries no private key material — confirm that
# reporting certificates is intended rather than only private keys.
[[rules]]
description = "Standard Certificate"
id = "standardcertificate"
regex = '''-----BEGIN(\s)CERTIFICATE-----\n'''
# Flags any text where the word BEGIN is followed by "PRIVATE KEY", which
# covers PEM private-key headers regardless of algorithm prefix.
# NOTE(review): "." does not cross line breaks unless the (?s) flag is set, so
# both words must sit on one line. The default rule set loaded through
# [extend] is understood to have its own private-key rule, so one key may be
# reported by both — verify against the gitleaks version in use.
[[rules]]
description = "Private Keys"
id = "privatekeys"
regex = '''\s*(\bBEGIN\b).*(PRIVATE KEY\b)\s*'''
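# Flags a 40-character base64-alphabet value assigned with ":", "=" or "=>",
# the shape of an AWS secret access key.
# The value may be wrapped in a quote and may be followed by any character
# outside the key alphabet (quote, comma, CR, LF) or by end of input, so
# quoted assignments, CRLF files and a final line without a newline are covered.
# NOTE(review): every part of the variable name is optional, so the rule fires
# on any assignment of 40 such characters, e.g. a 40-character hex digest;
# add a rule-level allowlist if that proves noisy.
[[rules]]
description = "AWS Secret Access Key"
id = "secretaccesskey"
regex = '''(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)?\s*(:|=>|=)\s*["']?[A-Za-z0-9/\+=]{40}(?:[^A-Za-z0-9/\+=]|$)'''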
# Flags every standalone 12-digit number (word boundary on both sides).
# NOTE(review): nothing in the pattern is specific to AWS, so any 12-digit
# identifier or numeric literal is reported; treat findings as candidates to
# confirm. The description string contains a typo ("acccount") that will show
# up in reports.
[[rules]]
id = "genericawsacno"
description = "Generic 12 digit AWS acccount number"
regex = '''\b\d{12}\b'''
# Flags a 12-digit value, optionally hyphenated in groups of four, assigned
# with ":", "=" or "=>" to a name containing "account" (the "aws" prefix and
# "id" suffix are optional).
# NOTE(review): the digits must directly follow the separator and optional
# whitespace, so a quoted value is not matched by this rule; an unhyphenated
# one is still caught by the genericawsacno rule in this file, a hyphenated
# quoted one is not.
[[rules]]
id = "awsaccountid"
description = "AWS Account ID"
regex = '''(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?\s*(:|=>|=)\s*[0-9]{4}\-?[0-9]{4}\-?[0-9]{4}'''