Skip to content

Commit 22ed5d5

Browse files
brickspertbrickspert
committed
chore: add git leaks action
1 parent f4f8cb7 commit 22ed5d5

File tree

3 files changed

+2588
-936
lines changed

3 files changed

+2588
-936
lines changed

.github/workflows/gitleaks.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
name: gitleaks
2+
3+
on: [push,pull_request]
4+
5+
jobs:
6+
gitleaks:
7+
runs-on: ubuntu-latest
8+
steps:
9+
- uses: actions/checkout@v1
10+
- name: gitleaks-action
11+
uses: zricethezav/gitleaks-action@master

.gitleaks.toml

Lines changed: 124 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,124 @@
1+
title = "gitleaks config"
2+
[[rules]]
3+
description = "AWS Manager ID"
4+
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
5+
tags = ["key", "AWS"]
6+
[[rules]]
7+
description = "AWS Secret Key"
8+
regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
9+
tags = ["key", "AWS"]
10+
[[rules]]
11+
description = "AWS MWS key"
12+
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
13+
tags = ["key", "AWS", "MWS"]
14+
[[rules]]
15+
description = "Facebook Secret Key"
16+
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
17+
tags = ["key", "Facebook"]
18+
[[rules]]
19+
description = "Facebook Client ID"
20+
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
21+
tags = ["key", "Facebook"]
22+
[[rules]]
23+
description = "Twitter Secret Key"
24+
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
25+
tags = ["key", "Twitter"]
26+
[[rules]]
27+
description = "Twitter Client ID"
28+
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
29+
tags = ["client", "Twitter"]
30+
[[rules]]
31+
description = "Github"
32+
regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
33+
tags = ["key", "Github"]
34+
[[rules]]
35+
description = "Github Token"
36+
regex = '''[0-9a-zA-Z]{35,40}'''
37+
tags = ["key", "Github Token"]
38+
[[rules]]
39+
description = "Alibaba"
40+
regex = '''(alibaba|antfin)-inc'''
41+
tags = ["key", "Alibaba"]
42+
[[rules]]
43+
description = "antfin"
44+
regex = '''(?i)antfin(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
45+
tags = ["key", "Antfin"]
46+
[[rules]]
47+
description = "LinkedIn Client ID"
48+
regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
49+
tags = ["client", "LinkedIn"]
50+
[[rules]]
51+
description = "LinkedIn Secret Key"
52+
regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
53+
tags = ["secret", "LinkedIn"]
54+
[[rules]]
55+
description = "Slack"
56+
regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
57+
tags = ["key", "Slack"]
58+
[[rules]]
59+
description = "Asymmetric Private Key"
60+
regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
61+
tags = ["key", "AsymmetricPrivateKey"]
62+
[[rules]]
63+
description = "Public Key"
64+
regex = '''ssh-rsa'''
65+
tags = ["keys", "public key"]
66+
[[rules]]
67+
description = "Gitlab Key"
68+
regex = '''privateToken|private-token'''
69+
tags = ["keys", "Gitlab"]
70+
[[rules]]
71+
description = "Generic Credential"
72+
regex = '''(?i)(api_key|apikey|secret)(.{0,20})?['|"][0-9a-zA-Z]{16,45}['|"]'''
73+
tags = ["key", "API", "generic"]
74+
[[rules]]
75+
description = "Google API key"
76+
regex = '''AIza[0-9A-Za-z\\-_]{35}'''
77+
tags = ["key", "Google"]
78+
[[rules]]
79+
description = "Heroku API key"
80+
regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
81+
tags = ["key", "Heroku"]
82+
[[rules]]
83+
description = "MailChimp API key"
84+
regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
85+
tags = ["key", "Mailchimp"]
86+
[[rules]]
87+
description = "Mailgun API key"
88+
regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
89+
tags = ["key", "Mailgun"]
90+
[[rules]]
91+
description = "PayPal Braintree access token"
92+
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
93+
tags = ["key", "Paypal"]
94+
[[rules]]
95+
description = "Picatic API key"
96+
regex = '''sk_live_[0-9a-z]{32}'''
97+
tags = ["key", "Picatic"]
98+
[[rules]]
99+
description = "SendGrid API Key"
100+
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
101+
tags = ["key", "SendGrid"]
102+
[[rules]]
103+
description = "Slack Webhook"
104+
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
105+
tags = ["key", "slack"]
106+
[[rules]]
107+
description = "Stripe API key"
108+
regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
109+
tags = ["key", "Stripe"]
110+
[[rules]]
111+
description = "Square access token"
112+
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
113+
tags = ["key", "square"]
114+
[[rules]]
115+
description = "Square OAuth secret"
116+
regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
117+
tags = ["key", "square"]
118+
[[rules]]
119+
description = "Twilio API key"
120+
regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
121+
tags = ["key", "twilio"]
122+
[whitelist]
123+
description = "Whitelisted files"
124+
file = '''(^\.?gitleaks.toml$|(.*?)(jpg|gif|doc|pdf|bin)$)'''

0 commit comments

Comments
 (0)