f537f1ca7f
Replace non-blocking git-secrets with mandatory gitleaks scanning: - Pre-commit: blocks commit if gitleaks not installed or secrets found - CI: pinned gitleaks Docker image scans each commit in Woodpecker - Shared .gitleaks.toml with 12 custom rules for database URLs, alembic.ini, bearer tokens, PEM keys, docker-compose secrets, etc. - Stopwords suppress localhost/changeme/placeholder false positives - Install/verify scripts updated for gitleaks (no longer optional) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2.3 KiB
Executable File
2.3 KiB
Executable File