-
-
Notifications
You must be signed in to change notification settings - Fork 199
Expand file tree
/
Copy path.secretscanignore
More file actions
38 lines (32 loc) · 1022 Bytes
/
.secretscanignore
File metadata and controls
38 lines (32 loc) · 1022 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# .secretscanignore — patterns to exclude from secret scanning
#
# Format:
# filepath:regex — ignore matches of regex only in the given file
# regex — ignore matches of regex in all files
#
# Examples:
# tests/fixtures/fake-creds.json:AKIA.*
# EXAMPLE_KEY_DO_NOT_USE
# src/config.example.ts:password\s*=\s*"changeme"
# Secret scanner test file (contains intentional fake secrets as test inputs)
src/tests/secret-scan.test.ts:.*
# Test fixtures with dummy credentials
tests/*:AKIA_EXAMPLE
tests/*:test-secret-value
tests/*:fake[-_]?(password|secret|token|key)
# Doctor environment tests use dummy localhost DB URLs
src/resources/extensions/gsd/tests/doctor-environment.test.ts:postgres://localhost
# Documentation examples
*.md:AKIA[0-9A-Z]{16}
*.md:sk_(live|test)_
# Environment variable references (not actual values)
process\.env\.\w+
\$\{?\w+_KEY\}?
\$\{?\w+_SECRET\}?
\$\{?\w+_TOKEN\}?
# Placeholder/example values
changeme
your[-_]?api[-_]?key[-_]?here
REPLACE_ME
xxx+
TODO.*secret