taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 12:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: simplify public gitleaks config to generic network rules only

Browse Source
This commit is contained in:
devitway
2026-03-18 11:57:21 +00:00
parent e2919b83de
commit 1cc5c8cc86
1 changed files with 14 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
.gitleaks.toml
View File

@@ -3,48 +3,24 @@
title = "NORA gitleaks rules" title = "NORA gitleaks rules"
# Internal infrastructure — private IPs and domains
[[rules]]
id = "private-network"
description = "Private network addresses and internal domains"
regex = '''(10\.25\.1\.\d+|10\.0\.\d+\.\d+|192\.168\.\d+\.\d+)'''
tags = ["network"]
[[rules]] [[rules]]
id = "extended-filter" id = "internal-domains"
description = "Extended content filter rules" description = "Internal domain names"
regex = '''(?i)(blocked-term|blocked-term|blocked-term|blocked-term|blocked-term|co-authored-by:\s*blocked-term)''' regex = '''[a-z0-9]+\.(lab|internal|local|corp)\b'''
tags = ["internal"] tags = ["network"]
[rules.allowlist]
paths = ['''\.gitleaks\.toml$''', '''\.gitignore$''']
[[rules]] [[rules]]
id = "internal-infrastructure" id = "tailscale-hostnames"
description = "Internal infrastructure hostnames and IPs" description = "Tailscale MagicDNS hostnames"
regex = '''(devitacademy\.lab|tail3bd72c|10\.25\.1\.\d+|10\.0\.\d+\.\d+|192\.168\.1\.\d+)''' regex = '''[a-z0-9]+\.tail[a-z0-9]+\.ts\.net'''
tags = ["internal"] tags = ["network"]
[[rules]]
id = "internal-proxmox"
description = "Proxmox VM IDs and internal service names"
regex = '''(proxmox|VM\s*ID.*\d{4,5}|nora-builder|jump\s*server)'''
tags = ["internal"]
[[rules]]
id = "internal-blocked-term-md"
description = "internal-config file references"
regex = '''internal-config'''
tags = ["internal"]
[[rules]]
id = "extended-filter-2"
description = "Internal development methodology references"
regex = '''(?i)(blocked-term|panel.*expert|review-process|blocked-term.*панел|review-process|prompt.*engineer|first.principles|12.factor.*review|scorecard.*boost)'''
tags = ["internal"]
[rules.allowlist]
paths = ['''\.gitleaks\.toml$''']
[[rules]]
id = "extended-filter-3"
description = "Code comments referencing internal review process"
regex = '''(?i)(reviewer.approved|reviewer.approved|kelsey.*said|security.*review.*panel|design.*approved)'''
tags = ["internal"]
[rules.allowlist]
paths = ['''\.gitleaks\.toml$''']
[allowlist] [allowlist]
description = "Allowlist for false positives" description = "Allowlist for false positives"