mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-02-18 00:17:39 +01:00
Configures GitGuardian to ignore documentation examples and placeholder tokens while maintaining security scanning for actual code and configuration files. Ignores: - Documentation files (*.md, docs/) - Example/sample files - Known placeholder patterns (--token disabled, PULSE_URL_PLACEHOLDER) Still scans: - Source code (.go, .ts, .tsx, .js) - Real configuration files (.env, config.json) - Shell scripts (except ignored patterns)
31 lines
1.1 KiB
YAML
31 lines
1.1 KiB
YAML
version: 2
|
|
|
|
# GitGuardian Configuration
|
|
# Prevents false positives while maintaining security scanning
|
|
|
|
# Ignore documentation and example files where placeholder tokens are expected
|
|
paths-ignore:
|
|
- "**/*.md" # Documentation files with examples
|
|
- "**/docs/**" # Documentation directory
|
|
- "**/examples/**" # Example code
|
|
- "**/*.example" # Example configuration files
|
|
- "**/*.sample" # Sample files
|
|
|
|
# Ignore specific patterns that are known false positives
|
|
matches-ignore:
|
|
- name: Disabled token placeholder
|
|
match: "--token disabled"
|
|
- name: Token environment variable placeholder
|
|
match: "PULSE_TOKEN_PLACEHOLDER"
|
|
- name: URL placeholder
|
|
match: "PULSE_URL_PLACEHOLDER"
|
|
- name: Generic documentation placeholders
|
|
match: "your-api-token|replace-me|<token>|<your-api-token>"
|
|
|
|
# Keep scanning enabled for actual code and config
|
|
# GitGuardian will still catch real secrets in:
|
|
# - Source code (.go, .ts, .tsx, .js, etc.)
|
|
# - Configuration files (.env, config.json, etc.)
|
|
# - Scripts (.sh that don't match ignored patterns)
|
|
# - Any file not explicitly ignored above
|