Pulse/.github
rcourtman 07afa94d19 feat(security): add gitleaks secret scanning to pre-commit hook and CI
Add three layers of secret leak prevention:

1. .gitleaks.toml — config extending the default ruleset (~150 rules for
   AWS, GCP, Stripe, OpenAI, private keys, JWTs, etc.) with allowlists
   tuned to suppress false positives from test fixtures and docs.

2. .husky/pre-commit — enhanced with gitleaks protect --staged (graceful
   skip if not installed), sensitive file type blocking (.pem, .key, .enc,
   id_rsa, etc.), and broadened fallback patterns covering AWS, OpenAI,
   GCP, and private key headers alongside existing Stripe checks.

3. .github/workflows/build-and-test.yml — new secret-scan CI job using
   gitleaks-action that runs in parallel with build on every push/PR,
   serving as the last gate if someone bypasses local hooks.
2026-02-04 09:52:54 +00:00