thePR0M3TH3AN/seedPass
1
0
Fork 0
mirror of https://github.com/PR0M3TH3AN/SeedPass.git synced 2025-09-07 14:58:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: add secret scanning

Browse Source
This commit is contained in:
thePR0M3TH3AN
2025-08-03 10:27:13 -04:00
parent 59c06041fd
commit 2c44f51fc4
3 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/secret-scanning.md Normal file
View File

@@ -0,0 +1,17 @@
# Secret Scanning
SeedPass uses [Gitleaks](https://github.com/gitleaks/gitleaks) to scan the repository for accidentally committed secrets. The scan runs automatically for pull requests and on a nightly schedule. Any findings will cause the build to fail.
## Suppressing False Positives
If a file or string triggers the scanner but does not contain a real secret, add it to the allowlist in `.gitleaks.toml`.
```toml
[allowlist]
# Ignore specific files
paths = ["path/to/file.txt"]
# Ignore strings that match a regular expression
regexes = ["""dummy_api_key"""]
```
Commit the updated `.gitleaks.toml` to stop future alerts for the allowed items.