mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 10:20:32 +00:00
The file was created on security/scorecard-hardening branch but only the ci.yml change was cherry-picked to main — the config file itself was left behind. CI references --config .gitleaks.toml which caused the Security job to fail. Adds allowlist for test placeholder tokens (nra_00112233...) that trigger generic-api-key false positives.
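# Gitleaks configuration
# https://github.com/gitleaks/gitleaks

title = "NORA gitleaks rules"

# This file defines no [[rules]] of its own. A file passed with --config
# replaces the built-in configuration, so without this section the scan would
# run with no detection rules and always pass. Extending the default ruleset
# keeps generic-api-key and the other built-in detectors active.
[extend]
useDefault = true

[allowlist]
description = "Global allowlist for false positives"
# Skip this config file itself.
paths = [
    '''\.gitleaks\.toml$''',
]
# Test the regexes against the rule's whole match, not only the extracted secret.
regexTarget = "match"
# Test placeholder tokens (e.g. nra_00112233...).
# This allowlist is global and the pattern is unanchored: any finding, from any
# rule, whose match contains "nra_00" followed by 30 hex digits is suppressed.
# A real token that happens to have that shape would be ignored as well, so
# narrow this to the exact fixture value(s) if the placeholder is a fixed string.
regexes = ['''nra_0{2}[0-9a-f]{30}''']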