From a09f83ffdb69a0b506c6338128e63c20472359ff Mon Sep 17 00:00:00 2001
From: DevITWay | Pavel Volkov
Date: Fri, 27 Mar 2026 21:01:45 +0300
Subject: [PATCH] fix: restore .gitleaks.toml lost during merge (#58)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The file was created on security/scorecard-hardening branch but only the ci.yml change was cherry-picked to main — the config file itself was left behind. CI references --config .gitleaks.toml which caused the Security job to fail. Adds allowlist for test placeholder tokens (nra_00112233...) that trigger generic-api-key false positives.
---
 .gitleaks.toml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .gitleaks.toml
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..d1a0c72
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,13 @@
+# Gitleaks configuration
+# https://github.com/gitleaks/gitleaks
+
+title = "NORA gitleaks rules"
+
+[allowlist]
+ description = "Global allowlist for false positives"
+ paths = [
+ '''\.gitleaks\.toml$''',
+ ]
+ regexTarget = "match"
+ # Test placeholder tokens (e.g. nra_00112233...)
+ regexes = ['''nra_0{2}[0-9a-f]{30}''']
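Review bot: The new file defines no `[[rules]]` and no `[extend]` table, and as far as I know a file passed with `--config` replaces gitleaks' built-in ruleset instead of adding to it, so the Security job may now pass without any detection rules loaded. Adding `[extend]` with `useDefault = true` above `[allowlist]` should keep the default rules active, including the `generic-api-key` rule the commit message refers to; please confirm against the gitleaks version used in CI. Separately, the allowlist is global, and `nra_0{2}[0-9a-f]{30}` suppresses any finding whose match contains an `nra_` token beginning with `00`, in any file, not only the test placeholder. If real tokens share that format, pin the regex to the exact placeholder string or scope the entry to the test paths. A comment stating that the placeholder is a non-functional test value would also help the next reader judge the allowlist.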