feat: add Gitleaks config and CI workflow#22
Open
stevefulme1 wants to merge 1 commit intoredhat-cop:mainfrom
Open
feat: add Gitleaks config and CI workflow#22stevefulme1 wants to merge 1 commit intoredhat-cop:mainfrom
stevefulme1 wants to merge 1 commit intoredhat-cop:mainfrom
Conversation
Adds .gitleaks.toml with custom rules for Ansible-specific credential patterns (OpenShift API keys, Automation Hub tokens, container registry passwords) and allowlists for placeholder values and Jinja2 templates. Adds a GitHub Actions workflow to run Gitleaks on pushes and PRs. Resolves: MFG-376 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.gitleaks.tomlwith default rules extended by custom Ansible-specific credential detection patterns (OpenShift API keys, Automation Hub tokens, container registry passwords)changeme), Jinja2 template variables ({{ }}), Ansible Vault references, example domains, and YAML commentsdefaults/main.ymlandinventory.ymlwhere variable declarations use block scalar indicators.github/workflows/gitleaks.ymlGitHub Actions workflow to run Gitleaks on pushes to main and all PRs.pre-commit-config.yamlRelated
Test plan
gitleaks detect --config .gitleaks.toml --no-gitreports no false positives on the current codebase🤖 Generated with Claude Code