UPSTREAM: <carry>: Exclude false positives from gitleaks scanner

There are a ton of credentials in our test suite because of how keda works, but every last one of them is fake/useless. This just excludes our test files from the scanner so they will stop generating false-positives. The preferred method to deal with them is to comment the exact line as "# notasecret" but that's not feasible given the size of the test suite and the number of fake credentials. This should cut down on the scary false positive ALERT! emails. Signed-off-by: John Kyros <jkyros@redhat.com>
openshift · Jul 26, 2024 · ad02837 · ad02837
1 parent 98e23ea
commit ad02837
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -0,0 +1,12 @@
+[allowlist]
+  description = "Global Allowlist"
+
+  # Ignore based on any subset of the file path
+  paths = [
+    # Because of how keda works, almost every test has test credentials in them, it's not 
+    # feasible to tag every single one with "# notasecret" 
+    '''.*_test.go$''',
+  ]
+  # Ignore based on any subset of the line
+  regexes = [
+  ]