feat: add gitleaks secret scanning to quality rails #5

Merged
jason.woltje merged 1 commit from feat/gitleaks-secret-scanning into main 2026-02-24 20:46:50 +00:00

Replace git-secrets with mandatory gitleaks scanning in pre-commit hooks and CI. Adds shared .gitleaks.toml config with 12 custom rules. Install and verify scripts updated.

jason.woltje added 1 commit 2026-02-24 20:45:55 +00:00
Replace non-blocking git-secrets with mandatory gitleaks scanning:
- Pre-commit: blocks commit if gitleaks not installed or secrets found
- CI: pinned gitleaks Docker image scans each commit in Woodpecker
- Shared .gitleaks.toml with 12 custom rules for database URLs,
  alembic.ini, bearer tokens, PEM keys, docker-compose secrets, etc.
- Stopwords suppress localhost/changeme/placeholder false positives
- Install/verify scripts updated for gitleaks (no longer optional)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
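As an added example (not the .gitleaks.toml from this PR), this is the shape such a config takes in the gitleaks v8 TOML format: the built-in rules are kept, one constructed custom rule catches database URLs with an embedded password, and stopword allowlists at rule and global level suppress the localhost/changeme/placeholder class of false positive. Rule id, regexes, keywords and paths are assumptions chosen for illustration, not the project's twelve rules.

```toml
# Added example config, not the project's .gitleaks.toml. Rule id, regex,
# keywords and allowlist paths below are constructed for illustration.
title = "example gitleaks config"

# Keep the default gitleaks rule set and layer custom rules on top of it.
[extend]
useDefault = true

# Database URL carrying a password, e.g. postgres://app:hunter2@db:5432/app
[[rules]]
id = "database-url-with-password"
description = "Database connection URL containing an embedded password"
regex = '''(?i)\b(?:postgres(?:ql)?|mysql|redis)://[^:/\s]+:([^@\s]+)@'''
secretGroup = 1                       # only the password capture is the secret
keywords = ["postgres", "postgresql", "mysql", "redis"]   # cheap pre-filter

# Rule-level allowlist: local dev defaults and template placeholders.
[rules.allowlist]
regexTarget = "line"                  # match the whole line, not just the secret
regexes = ['''@localhost[:/]''', '''@127\.0\.0\.1[:/]''']
stopwords = ["changeme", "placeholder"]

# Global allowlist: applies to every rule, the built-in ones included.
[allowlist]
description = "Template files and test fixtures that hold fake credentials"
paths = ['''\.env\.example$''', '''(^|/)fixtures/''']
stopwords = ["localhost", "changeme", "placeholder"]
```

A finding is dropped only when the secret itself contains a stopword or the allowlist regex matches the chosen target, so a real password that happens to sit on a line mentioning localhost is still reported when `regexTarget` is left at its default of the secret.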
jason.woltje merged commit 38223c8ec2 into main 2026-02-24 20:46:50 +00:00
jason.woltje deleted branch feat/gitleaks-secret-scanning 2026-02-24 20:46:50 +00:00

Reference: mosaic/bootstrap#5