diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a91a122..8503cb1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -53,7 +53,7 @@ jobs:
 run: |
 curl -sL https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz \
 | tar xz -C /usr/local/bin gitleaks
- gitleaks detect --source . --exit-code 1 --report-format sarif --report-path gitleaks.sarif
+ gitleaks detect --source . --config .gitleaks.toml --exit-code 1 --report-format sarif --report-path gitleaks.sarif
 # ── CVE in Rust dependencies ────────────────────────────────────────────
 - name: Install cargo-audit
diff --git a/.gitleaks.toml b/.gitleaks.toml
index fdb3267..6a72b40 100644
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -7,13 +7,16 @@ title = "NORA gitleaks rules"
 [[rules]]
 id = "private-network"
 description = "Private network addresses and internal domains"
- regex = '''(10\.25\.1\.\d+|10\.0\.\d+\.\d+|192\.168\.\d+\.\d+)'''
+ regex = '''(10\.25\.1\.\d+|10\.0\.\d+\.\d+)'''
 tags = ["network"]
+ [rules.allowlist]
+ regexTarget = "match"
+ regexes = ['''10\.0\.0\.0''']
 [[rules]]
 id = "internal-domains"
 description = "Internal domain names"
- regex = '''[a-z0-9]+\.(lab|internal|local|corp)\b'''
+ regex = '''[a-z0-9]+\.(lab|internal|local)\b'''
 tags = ["network"]
 [[rules]]
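Review bot: Passing `--config .gitleaks.toml` on the new `gitleaks detect` line makes gitleaks load the rules in that file in place of its built-in rule set, so unless the top of `.gitleaks.toml` (not in this diff) sets `[extend]` with `useDefault = true`, the scan is now limited to the project's own rules and the stock detectors for cloud keys, API tokens and private keys are silently gone. That is worth confirming before merging, and a comment on the step would make the contract explicit: `# .gitleaks.toml must keep [extend] useDefault = true; it only adds project-specific rules`. The enclosing step and job begin before this hunk.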
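Review bot: The allowlist regex `10\.0\.0\.0` in the new `[rules.allowlist]` is unanchored, so with `regexTarget = "match"` it also suppresses any match that merely contains that string (e.g. `10.0.0.01`), while the rule regex on the `+ regex` line still has no word boundaries and so fires on `110.0.1.2` or a build number like `10.0.19045.1`. Anchoring both fixes this: `regex = '''\b(10\.25\.1\.\d{1,3}|10\.0\.\d{1,3}\.\d{1,3})\b'''` and `regexes = ['''^10\.0\.0\.0$''']`. The hunk also drops `192\.168\.\d+\.\d+` and `corp` from the two rules with no explanation, which narrows detection; a comment on each rule stating why (e.g. `# 192.168.0.0/16 is not an internal range for this project`) would keep the next reader from re-adding them or from assuming it was accidental. Note that `[rules.allowlist]` is the single-table form; it matches the v8.21.2 pinned in ci.yml, but I believe newer gitleaks releases have moved to `[[rules.allowlists]]`, so the pin and this config need to be bumped together.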