Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m28s
CI / lint-and-type-check (pull_request) Successful in 2m7s
CI / python-lint (pull_request) Successful in 1m54s
CI / test-backend (pull_request) Successful in 3m10s
CI / build (pull_request) Failing after 1m35s
CI / secret-scanning (pull_request) Successful in 1m37s
CI / dependency-scan (pull_request) Successful in 1m35s
CI / sast-scan (pull_request) Successful in 2m45s
CI / workflow-summary (pull_request) Successful in 1m28s
This commit introduces a Gitleaks configuration file to manage known false positives and improve security by preventing the accidental exposure of sensitive information. Additionally, it enhances the CI workflow by adding a step to validate backend imports and application structure, ensuring that core modules and API routers can be imported successfully without starting the server or connecting to a database.
26 lines
829 B
TOML
# Gitleaks configuration file
# This file configures gitleaks to ignore known false positives

title = "PunimTag Gitleaks Configuration"

[allowlist]
description = "Allowlist for known false positives and test files"

# Ignore demo photos directory (contains sample/test HTML files)
paths = [
    '''demo_photos/.*''',
]

# Ignore specific commits that contain known false positives
# These are test tokens or sample files, not real secrets
commits = [
    "77ffbdcc5041cd732bfcbc00ba513bccb87cfe96",  # test_api_auth.py expired_token test
    "d300eb1122d12ffb2cdc3fab6dada520b53c20da",  # demo_photos/imgres.html sample file
]

# Allowlist specific regex patterns for test files
regexes = [
    '''tests/test_api_auth.py.*expired_token.*eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTYwOTQ1NjgwMH0\.invalid''',
]