feat: add gitleaks secret scanning to quality rails #5

Merged

jason.woltje merged 1 commits from feat/gitleaks-secret-scanning into main

2026-02-24 20:46:50 +00:00

Author	SHA1	Message	Date
Jason Woltje	f537f1ca7f	feat: add gitleaks secret scanning to quality rails Replace non-blocking git-secrets with mandatory gitleaks scanning: - Pre-commit: blocks commit if gitleaks not installed or secrets found - CI: pinned gitleaks Docker image scans each commit in Woodpecker - Shared .gitleaks.toml with 12 custom rules for database URLs, alembic.ini, bearer tokens, PEM keys, docker-compose secrets, etc. - Stopwords suppress localhost/changeme/placeholder false positives - Install/verify scripts updated for gitleaks (no longer optional) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-24 14:45:24 -06:00

Author

SHA1

Message

Date

Jason Woltje

f537f1ca7f

feat: add gitleaks secret scanning to quality rails

Replace non-blocking git-secrets with mandatory gitleaks scanning:
- Pre-commit: blocks commit if gitleaks not installed or secrets found
- CI: pinned gitleaks Docker image scans each commit in Woodpecker
- Shared .gitleaks.toml with 12 custom rules for database URLs,
  alembic.ini, bearer tokens, PEM keys, docker-compose secrets, etc.
- Stopwords suppress localhost/changeme/placeholder false positives
- Install/verify scripts updated for gitleaks (no longer optional)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-24 14:45:24 -06:00

feat: add gitleaks secret scanning to quality rails #5

1 Commits