.trufflehog3.yml
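---
# trufflehog3 secret-scanner configuration.
#
# Every entry under `exclude` suppresses findings. Keep each one as narrow as
# possible (a specific pattern on specific paths) and re-review the list when
# the repository layout changes, so an exclusion never hides a real secret.
exclude:  # exclude matching issues
  # NOTE(review): README.md and .github/** are not build output, yet they are
  # excluded here by path alone. Workflow files under .github/ are a common
  # place for hard-coded tokens; confirm this exclusion is intended or narrow it.
  - message: Build directories
    paths:
      - build/**
      - dist/**
      - README.md
      - .github/**
      - .ruff_cache/**
      - .pytest_cache/**
      - .venv/**
      - .idea/**
  - message: Examples and data necessary for running auto-tests
    paths:
      - docs/*.html
      - docs/examples/*
  - message: DB login config
    # Without this the db.password will incorrectly flag
    # The dot is escaped because the pattern is compiled as a regex; left
    # unescaped it matches any character and widens the exclusion.
    pattern: 'Config\.DB_PASSWORD'
    paths:
      - app/db/__init__.py
  # NOTE(review): the trufflehog3/** and docs/templates/** paths below look
  # inherited from the trufflehog3 project's own configuration. Confirm they
  # exist in this repository; entries that match nothing should be dropped.
  - message: Trufflehog rules file contains regexes which might trigger the scanner
    paths:
      - trufflehog3/static/rules.yml
  - message: Integrity hash for highlight.min.js
    # NOTE pattern is re.Pattern, thus escaping of special characters might be required
    pattern: 'sha256-Uv3H6lx7dJmRfRvH8TH6kJD1TSK1aFcwgx\+mdg3epi8='
    paths:
      - docs/templates/*.mako
  - message: Integrity hash for materialize.min.css
    # NOTE pattern is re.Pattern, thus escaping of special characters might be required
    pattern: 'sha256-kpeCd0c1zTgJMsU\+s8Pz4CwckI73qwpdYMTxTsRyO8A='
    paths:
      - docs/templates/*.mako
      - trufflehog3/static/report.html.j2
  - message: Integrity hash for materialize.min.js
    pattern: 'sha256-U/cHDMTIHCeMcvehBv1xQ052bPSbJtbuiw4QA9cTKz0='
    paths:
      - docs/templates/*.mako
      - trufflehog3/static/report.html.j2
  - message: Alphabet used in autotests
    pattern: abcdefghijklmnopqrstuvwxyz
    paths:
      - trufflehog3/helper.py
      - trufflehog3/models.py
      - trufflehog3/search.py
  - message: Commit hash used in autotests
    # Quoted so the value is always read as a string.
    pattern: '9e404e6c59d286645b2465aacaf61108ebc12a3a'
    paths:
      - trufflehog3/source.py
  # NOTE you can also specify IDs or patterns together or without paths, e.g.
  #
  # - message: Skip ID everywhere
  #   id: high-entropy
  # - message: Skip ID on specific paths
  #   id: high-entropy
  #   paths:
  #     - tests/data/*
  #
  # - message: Skip pattern everywhere, case-insensitive
  #   pattern: (?i)not-a-secret
  # - message: Skip pattern on specific paths, case-insensitive
  #   pattern: (?i)not-a-secret
  #   paths:
  #     - tests/data/*
  #
  # Prefer the path-scoped forms: an ID or pattern skipped everywhere also
  # suppresses genuine findings in files added later.

severity: low  # minimum severity filter
# NOTE(review): with this set to false, inline 'nosecret' annotations appear
# to be honoured, so a finding can be silenced from within the scanned file
# itself. Confirm that is acceptable for this repository.
ignore_nosecret: false  # ignore inline 'nosecret' annotations
no_entropy: false  # disable entropy checks
no_pattern: false  # disable pattern checks
depth: 10000  # max commits depth for searching, only used if `no_history` is false
since: null  # scan from the given commit hash, only used if `no_history` is false
no_current: false  # disable current status check
# With the history check disabled only the current state is scanned: a secret
# that was committed and later removed stays in git history and is not
# reported, and `depth` / `since` above have no effect. Run a history scan
# separately (for example on a schedule) if this stays true.
no_history: true  # disable commit history check
context: 0  # number of context lines to include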