RubyGems - gitlab-secret_detection - Versions diffs - 0.8.0 → 0.10.0 - Mend

gitlab-secret_detection 0.8.0 → 0.10.0

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +14 -2
data/lib/gitlab/secret_detection/core/ruleset.rb +1 -1
data/lib/gitlab/secret_detection/core/scanner.rb +9 -2
data/lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb +1 -1
data/proto/secret_detection.proto +1 -0
metadata +2 -3
data/lib/gitlab/secret_detection/core/gitleaks.toml +0 -1084

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a05ed2079c4cbdfe4b79681687fa7ac880ba9af384dbf7143374e009eb6e8eac
-  data.tar.gz: 73f0c96737d1816793c96734541fbe9d1785925fadfa10a622849a74091493f5
+  metadata.gz: d8c9973848eb3af18a6877e6d1e9934e69511fb9c41864f4b822791369e97ec0
+  data.tar.gz: f3b2679ae7b92b6b926ee2bdbe552bbae3c5ad07670d36d018a812b354fd3a55
 SHA512:
-  metadata.gz: 1dd99d867f15ae626ace54f3f30dcc344d4b13d421cbfd61ddefa1afeb6d6f971e6b1700aa789e916eb55d3e76b2b2f956693be42235f28d17b23b9f1ea017bb
-  data.tar.gz: 3788076e7734be035b63bc64ad59d1d3be1303098cd94d0da27f20bbf4569e5250cbc3f57bb33fd99478c5cdeba214174cef40fd7e095a9f04c12015894dd6d2
+  metadata.gz: f5d371430a4c8c6051dadcee41071ac03d5fcd7e39cd726fa6d9ed0f59008813ad3b27efb2ebc185218eeeb15ae747b48a8d053065e64217a55f052505b45174
+  data.tar.gz: 807521d0c06bc757eb51dc4536bc335a34fb0606c64b77ad94145dcbb829105a70efef8c606771c0340330f9bb4bb4af00193795165bc38068b6d174614b06d3

data/README.md CHANGED Viewed

@@ -42,7 +42,7 @@ the approach:
 │           ├── core/..                  # Secret detection logic (most of it pulled from existing gem)
 │           └── grpc
 │               ├── generated/..         # gRPC generated files and secret detection gRPC service
-│               ├── client/..            # gRPC client to invoke secret detection service's RPC endpoints
+│               ├── client/..            # gRPC client to invoke secret detection service's RPC endpoints
 │               └── scanner_service.rb   # Secret detection gRPC service implementation
 ├── examples
 │   └── sample-client/..                 # Sample Ruby RPC client that connects with gRPC server and calls RPC scan
@@ -54,7 +54,8 @@ the approach:
 ├── spec/..                              # Rspec tests and related test helpers
 ├── gitlab-secret_detection.gemspec      # Gemspec file for Ruby Gem
 ├── Dockerfile                           # Dockerfile for running gRPC server
-└── Makefile                             # All the CLI commands placed here
+├── Makefile                             # All the CLI commands placed here
+└── RULES_VERSION                        # Current version of secret-detection-rules
 ```
 ### Makefile commands
@@ -63,6 +64,7 @@ Usage `make <command>`
 | Command             | Description                                                                                                                     |
 |---------------------|---------------------------------------------------------------------------------------------------------------------------------|
+| `install_secret_detection_rules` | Downloads secret-detection-rules based on package version defined in RULES_VERSION                                 |
 | `install`           | Installs ruby gems in the project using Ruby bundler                                                                            |
 | `lint_fix`          | Fixes all the fixable Rubocop lint offenses                                                                                     |
 | `gem_clean`         | Cleans existing gem file(if any) generated through gem build process                                                            |
@@ -75,6 +77,16 @@ Usage `make <command>`
 | `run_grpc_tests`    | Runs RSpec tests for Secret Detection gRPC endpoints                                                                            |
 | `run_all_tests`     | Runs all the RSpec tests in the project                                                                                         |
+## Secret Detection Rules
+The make target `install_secret_detection_rules` fetches the version of the
+[secret detection rules package](https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/packages)
+specified in the `RULES_VERSION` file and extracts the secret_push_protection_rules.toml rule file.
+The command is called when running tests as well as when building the Dockerfile.
+The secret_push_protection_rules.toml file is added to .gitignore to
+avoid checking in changes.
 ## Generating a ruby gem
 In the project directory, run `make gem` command in the terminal that builds a ruby gem(ex: `secret_detection-0.1.0.gem`) in the root of

data/lib/gitlab/secret_detection/core/ruleset.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Gitlab
     module Core
       class Ruleset
         # file path where the secrets ruleset file is located
-        RULESET_FILE_PATH = File.expand_path('gitleaks.toml', __dir__)
+        RULESET_FILE_PATH = File.expand_path('secret_push_protection_rules.toml', __dir__)
         def initialize(path: RULESET_FILE_PATH, logger: Logger.new($stdout))
           @path = path

data/lib/gitlab/secret_detection/core/scanner.rb CHANGED Viewed

@@ -260,6 +260,8 @@ module Gitlab
         def find_secrets_in_payload(payload:, pattern_matcher:, raw_value_exclusions: [], rule_exclusions: [])
           findings = []
+          payload_offset = payload.respond_to?(:offset) ? payload.offset : 0
           payload.data
                  .each_line($INPUT_RECORD_SEPARATOR, chomp: true)
                  .each_with_index do |line, index|
@@ -271,7 +273,11 @@ module Gitlab
             next if line.empty?
-            line_no = index + 1
+            # If payload offset is given then we will compute absolute line number i.e.,
+            # offset + relative_line_number - 1. In this scenario, index is equivalent to relative_line_number - 1.
+            # Whereas, when payload offset is not given, we'll set the line number relative to the beginning of the
+            # payload. In this scenario it will be index + 1.
+            line_no = payload_offset.positive? ? payload_offset + index : index + 1
             matches = pattern_matcher.match(line, exception: false) # returns indices of matched patterns
@@ -280,7 +286,8 @@ module Gitlab
               next if rule_exclusions.include?(rule[:id])
-              findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id], rule[:description])
+              findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id],
+                rule[:description])
             end
           end

data/lib/gitlab/secret_detection/grpc/generated/secret_detection_pb.rb CHANGED Viewed

@@ -5,7 +5,7 @@
 require 'google/protobuf'
-descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\xfc\x03\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a#\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 \x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
+descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\x9c\x04\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a\x43\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x12\x13\n\x06offset\x18\x03 \x01(\x05H\x00\x88\x01\x01\x42\t\n\x07_offset\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 \x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
 pool = Google::Protobuf::DescriptorPool.generated_pool
 pool.add_serialized_file(descriptor_data)

data/proto/secret_detection.proto CHANGED Viewed

@@ -12,6 +12,7 @@ message ScanRequest {
   message Payload {
     string id = 1;
     string data = 2;
+    optional int32 offset = 3;
   }
   // Either provide rule type or a particular value to allow during the scan

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-18 00:00:00.000000000 Z
+date: 2024-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -100,7 +100,6 @@ files:
 - lib/gitlab/secret_detection.rb
 - lib/gitlab/secret_detection/core.rb
 - lib/gitlab/secret_detection/core/finding.rb
-- lib/gitlab/secret_detection/core/gitleaks.toml
 - lib/gitlab/secret_detection/core/response.rb
 - lib/gitlab/secret_detection/core/ruleset.rb
 - lib/gitlab/secret_detection/core/scanner.rb

data/lib/gitlab/secret_detection/core/gitleaks.toml DELETED Viewed

@@ -1,1084 +0,0 @@
-# This file contains a subset of rules pulled from the original source file.
-# Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
-# Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
-title = "gitleaks config"
-[[rules]]
-id = "gitlab_personal_access_token"
-description = "GitLab Personal Access Token"
-regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "glpat",
-]
-[[rules]]
-id = "gitlab_pipeline_trigger_token"
-description = "GitLab Pipeline Trigger Token"
-regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glptt",
-]
-[[rules]]
-id = "gitlab_runner_registration_token"
-description = "GitLab Runner Registration Token"
-regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "GR1348941",
-]
-[[rules]]
-id = "gitlab_runner_auth_token"
-description = "GitLab Runner Authentication Token"
-regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glrt",
-]
-[[rules]]
-id = "gitlab_feed_token"
-description = "GitLab Feed Token"
-regex = '''\bfeed_token=[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "feed_token",
-]
-[[rules]]
-id = "gitlab_oauth_app_secret"
-description = "GitLab OAuth Application Secrets"
-regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "gloas",
-]
-[[rules]]
-id = "gitlab_feed_token_v2"
-description = "GitLab Feed token"
-regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glft",
-]
-[[rules]]
-id = "gitlab_kubernetes_agent_token"
-description = "GitLab Agent for Kubernetes token"
-regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glagent",
-]
-[[rules]]
-id = "gitlab_incoming_email_token"
-description = "GitLab Incoming email token"
-regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glimt",
-]
-[[rules]]
-id = "gitlab_deploy_token"
-description = "GitLab Deploy Token"
-regex = '''\bgldt-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "gldt",
-]
-[[rules]]
-id = "gitlab_scim_oauth_token"
-description = "GitLab SCIM token"
-regex = '''\bglsoat-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "glsoat",
-]
-[[rules]]
-id = "gitlab_ci_build_token"
-description = "GitLab CI Build (Job) token"
-regex = '''\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "glcbt",
-]
-[[rules]]
-id = "AWS"
-description = "AWS Access Token"
-regex = '''\bAKIA[0-9A-Z]{16}\b'''
-tags = ["aws", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "AKIA",
-]
-# Cryptographic keys
-[[rules]]
-id = "PKCS8 private key"
-description = "PKCS8 private key"
-regex = '''-----BEGIN PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN PRIVATE KEY-----",
-]
-[[rules]]
-id = "RSA private key"
-description = "RSA private key"
-regex = '''-----BEGIN RSA PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN RSA PRIVATE KEY-----",
-]
-[[rules]]
-id = "SSH private key"
-description = "SSH private key"
-regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN OPENSSH PRIVATE KEY-----",
-]
-[[rules]]
-id = "PGP private key"
-description = "PGP private key"
-regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
-keywords = [
-    "-----BEGIN PGP PRIVATE KEY BLOCK-----",
-]
-[[rules]]
-description = "systemd machine-id"
-id = "systemd-machine-id"
-path = '''^machine-id$'''
-regex = '''^[0-9a-f]{32}\n$'''
-entropy = 3.5
-[[rules]]
-id = "Github Personal Access Token"
-description = "Github Personal Access Token"
-regex = '''ghp_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghp_",
-]
-[[rules]]
-id = "Github OAuth Access Token"
-description = "Github OAuth Access Token"
-regex = '''gho_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "gho_",
-]
-[[rules]]
-id = "SSH (DSA) private key"
-description = "SSH (DSA) private key"
-regex = '''-----BEGIN DSA PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN DSA PRIVATE KEY-----",
-]
-[[rules]]
-id = "SSH (EC) private key"
-description = "SSH (EC) private key"
-regex = '''-----BEGIN EC PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN EC PRIVATE KEY-----",
-]
-[[rules]]
-id = "Github App Token"
-description = "Github App Token"
-regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghu_",
-    "ghs_"
-]
-[[rules]]
-id = "Github Refresh Token"
-description = "Github Refresh Token"
-regex = '''ghr_[0-9a-zA-Z]{76}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghr_"
-]
-[[rules]]
-id = "Shopify shared secret"
-description = "Shopify shared secret"
-regex = '''shpss_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpss_"
-]
-[[rules]]
-id = "Shopify access token"
-description = "Shopify access token"
-regex = '''shpat_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpat_"
-]
-[[rules]]
-id = "Shopify custom app access token"
-description = "Shopify custom app access token"
-regex = '''shpca_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpca_"
-]
-[[rules]]
-id = "Shopify private app access token"
-description = "Shopify private app access token"
-regex = '''shppa_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shppa_"
-]
-[[rules]]
-id = "Slack token"
-description = "Slack token"
-regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "xoxb",
-    "xoxa",
-    "xoxp",
-    "xoxr",
-    "xoxs",
-]
-[[rules]]
-id = "Stripe"
-description = "Stripe"
-regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sk_test",
-    "pk_test",
-    "sk_live",
-    "pk_live",
-]
-[[rules]]
-id = "PyPI upload token"
-description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
-tags = ["pypi", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "pypi-AgEIcHlwaS5vcmc",
-]
-[[rules]]
-id = "Google (GCP) Service-account"
-description = "Google (GCP) Service-account"
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
-keywords = [
-    "service_account",
-]
-[[rules]]
-id = "GCP API key"
-description = "GCP API keys can be misused to gain API quota from billed projects"
-regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "AIza",
-]
-[[rules]]
-id = "GCP OAuth client secret"
-description = "GCP OAuth client secrets can be misused to spoof your application"
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
-keywords = [
-    "GOCSPX-",
-]
-[[rules]]
-# demo of this regex not matching passwords in urls that contain env vars:
-# https://regex101.com/r/rT9Lv9/6
-id = "Password in URL"
-description = "Password in URL"
-regex = '''[a-zA-Z]{3,10}:\/\/[^$][^:@\/\n]{3,20}:[^$][^:@\n\/]{3,40}@.{1,100}'''
-[[rules]]
-id = "Heroku API Key"
-description = "Heroku API Key"
-regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
-secretGroup = 1
-keywords = [
-    "heroku",
-]
-[[rules]]
-id = "Slack Webhook"
-description = "Slack Webhook"
-regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
-keywords = [
-    "https://hooks.slack.com/services",
-]
-[[rules]]
-id = "Twilio API Key"
-description = "Twilio API Key"
-regex = '''SK[0-9a-fA-F]{32}'''
-keywords = [
-    "SK",
-    "twilio"
-]
-[[rules]]
-id = "Age secret key"
-description = "Age secret key"
-regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
-keywords = [
-    "AGE-SECRET-KEY-1",
-]
-[[rules]]
-id = "Facebook token"
-description = "Facebook token"
-regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "facebook",
-]
-[[rules]]
-id = "Twitter token"
-description = "Twitter token"
-regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
-secretGroup = 3
-keywords = [
-    "twitter",
-]
-[[rules]]
-id = "Adobe Client ID (Oauth Web)"
-description = "Adobe Client ID (Oauth Web)"
-regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "adobe",
-]
-[[rules]]
-id = "Adobe Client Secret"
-description = "Adobe Client Secret"
-regex = '''(p8e-)(?i)[a-z0-9]{32}'''
-keywords = [
-    "adobe",
-    "p8e-,"
-]
-[[rules]]
-id = "Alibaba AccessKey ID"
-description = "Alibaba AccessKey ID"
-regex = '''(LTAI)(?i)[a-z0-9]{20}'''
-keywords = [
-    "LTAI",
-]
-[[rules]]
-id = "Alibaba Secret Key"
-description = "Alibaba Secret Key"
-regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
-secretGroup = 3
-keywords = [
-    "alibaba",
-]
-[[rules]]
-id = "Asana Client ID"
-description = "Asana Client ID"
-regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
-secretGroup = 3
-keywords = [
-    "asana",
-]
-[[rules]]
-id = "Asana Client Secret"
-description = "Asana Client Secret"
-regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "asana",
-]
-[[rules]]
-id = "Atlassian API token"
-description = "Atlassian API token"
-regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
-secretGroup = 3
-keywords = [
-    "atlassian",
-]
-[[rules]]
-id = "Bitbucket client ID"
-description = "Bitbucket client ID"
-regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "bitbucket",
-]
-[[rules]]
-id = "Bitbucket client secret"
-description = "Bitbucket client secret"
-regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
-secretGroup = 3
-keywords = [
-    "bitbucket",
-]
-[[rules]]
-id = "Beamer API token"
-description = "Beamer API token"
-regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
-secretGroup = 3
-keywords = [
-    "beamer",
-]
-[[rules]]
-id = "Clojars API token"
-description = "Clojars API token"
-regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
-keywords = [
-    "CLOJARS_",
-]
-[[rules]]
-id = "Contentful delivery API token"
-description = "Contentful delivery API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-keywords = [
-    "contentful",
-]
-[[rules]]
-id = "Contentful preview API token"
-description = "Contentful preview API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-keywords = [
-    "contentful",
-]
-[[rules]]
-id = "Databricks API token"
-description = "Databricks API token"
-regex = '''dapi[a-h0-9]{32}'''
-keywords = [
-    "dapi",
-    "databricks"
-]
-[[rules]]
-description = "DigitalOcean OAuth Access Token"
-id = "digitalocean-access-token"
-regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "doo_v1_",
-]
-[[rules]]
-description = "DigitalOcean Personal Access Token"
-id = "digitalocean-pat"
-regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "dop_v1_",
-]
-[[rules]]
-description = "DigitalOcean OAuth Refresh Token"
-id = "digitalocean-refresh-token"
-regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "dor_v1_",
-]
-[[rules]]
-id = "Discord API key"
-description = "Discord API key"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Discord client ID"
-description = "Discord client ID"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Discord client secret"
-description = "Discord client secret"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Doppler API token"
-description = "Doppler API token"
-regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
-keywords = [
-    "doppler",
-]
-[[rules]]
-id = "Dropbox API secret/key"
-description = "Dropbox API secret/key"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Dropbox short lived API token"
-description = "Dropbox short lived API token"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Dropbox long lived API token"
-description = "Dropbox long lived API token"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Duffel API token"
-description = "Duffel API token"
-regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
-keywords = [
-    "duffel",
-]
-[[rules]]
-id = "Dynatrace API token"
-description = "Dynatrace API token"
-regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
-keywords = [
-    "dt0c01",
-]
-[[rules]]
-id = "EasyPost API token"
-description = "EasyPost API token"
-regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
-keywords = [
-    "EZAK",
-]
-[[rules]]
-id = "EasyPost test API token"
-description = "EasyPost test API token"
-regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
-keywords = [
-    "EZTK",
-]
-[[rules]]
-id = "Fastly API token"
-description = "Fastly API token"
-regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "fastly",
-]
-[[rules]]
-id = "Finicity client secret"
-description = "Finicity client secret"
-regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
-secretGroup = 3
-keywords = [
-    "finicity",
-]
-[[rules]]
-id = "Finicity API token"
-description = "Finicity API token"
-regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "finicity",
-]
-[[rules]]
-id = "Flutterwave public key"
-description = "Flutterwave public key"
-regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
-keywords = [
-    "FLWPUBK_TEST",
-]
-[[rules]]
-id = "Flutterwave secret key"
-description = "Flutterwave secret key"
-regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
-keywords = [
-    "FLWSECK_TEST",
-]
-[[rules]]
-id = "Flutterwave encrypted key"
-description = "Flutterwave encrypted key"
-regex = '''FLWSECK_TEST[a-h0-9]{12}'''
-keywords = [
-    "FLWSECK_TEST",
-]
-[[rules]]
-id = "Frame.io API token"
-description = "Frame.io API token"
-regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
-keywords = [
-    "fio-u-",
-]
-[[rules]]
-id = "GoCardless API token"
-description = "GoCardless API token"
-regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
-keywords = [
-    "gocardless",
-]
-[[rules]]
-id = "Grafana API token"
-description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "grafana",
-]
-[[rules]]
-id = "Hashicorp Terraform user/org API token"
-description = "Hashicorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "atlasv1",
-    "hashicorp",
-    "terraform"
-]
-[[rules]]
-id = "Hashicorp Vault batch token"
-description = "Hashicorp Vault batch token"
-regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "hashicorp",
-    "AAAAAQ",
-    "vault"
-]
-[[rules]]
-id = "Hubspot API token"
-description = "Hubspot API token"
-regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "hubspot",
-]
-[[rules]]
-id = "Intercom API token"
-description = "Intercom API token"
-regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
-secretGroup = 3
-keywords = [
-    "intercom",
-]
-[[rules]]
-id = "Intercom client secret/ID"
-description = "Intercom client secret/ID"
-regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "intercom",
-]
-[[rules]]
-id = "Ionic API token"
-description = "Ionic API token"
-regex = '''\bion_(?i)[a-z0-9]{42}\b'''
-keywords = [
-    "ion_",
-]
-[[rules]]
-id = "Linear API token"
-description = "Linear API token"
-regex = '''lin_api_(?i)[a-z0-9]{40}'''
-keywords = [
-    "lin_api_",
-]
-[[rules]]
-id = "Linear client secret/ID"
-description = "Linear client secret/ID"
-regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "linear",
-]
-[[rules]]
-id = "Lob API Key"
-description = "Lob API Key"
-regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
-secretGroup = 3
-keywords = [
-    "lob",
-]
-[[rules]]
-id = "Lob Publishable API Key"
-description = "Lob Publishable API Key"
-regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
-secretGroup = 3
-keywords = [
-    "lob",
-]
-[[rules]]
-id = "Mailchimp API key"
-description = "Mailchimp API key"
-regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailchimp",
-]
-[[rules]]
-id = "Mailgun private API token"
-description = "Mailgun private API token"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mailgun public validation key"
-description = "Mailgun public validation key"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mailgun webhook signing key"
-description = "Mailgun webhook signing key"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mapbox API token"
-description = "Mapbox API token"
-regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
-keywords = [
-    "mapbox",
-]
-[[rules]]
-id = "messagebird-api-token"
-description = "MessageBird API token"
-regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
-secretGroup = 3
-keywords = [
-    "messagebird",
-]
-[[rules]]
-id = "MessageBird API client ID"
-description = "MessageBird API client ID"
-regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "messagebird",
-]
-[[rules]]
-id = "New Relic user API Key"
-description = "New Relic user API Key"
-regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "NRAK",
-]
-[[rules]]
-id = "New Relic user API ID"
-description = "New Relic user API ID"
-regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "newrelic",
-]
-[[rules]]
-id = "New Relic ingest browser API token"
-description = "New Relic ingest browser API token"
-regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
-keywords = [
-    "NRJS",
-]
-[[rules]]
-id = "npm access token"
-description = "npm access token"
-regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "npm_",
-]
-[[rules]]
-id = "Planetscale password"
-description = "Planetscale password"
-regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
-keywords = [
-    "pscale_pw_",
-]
-[[rules]]
-id = "Planetscale API token"
-description = "Planetscale API token"
-regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
-keywords = [
-    "pscale_tkn_",
-]
-[[rules]]
-id = "Postman API token"
-description = "Postman API token"
-regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
-keywords = [
-    "PMAK-",
-]
-[[rules]]
-id = "Pulumi API token"
-description = "Pulumi API token"
-regex = '''pul-[a-f0-9]{40}'''
-keywords = [
-    "pul-",
-]
-[[rules]]
-id = "Rubygem API token"
-description = "Rubygem API token"
-regex = '''rubygems_[a-f0-9]{48}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "rubygems_",
-]
-[[rules]]
-id = "Segment Public API token"
-description = "Segment Public API token"
-regex = '''sgp_[a-zA-Z0-9]{64}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sgp_",
-]
-[[rules]]
-id = "Sendgrid API token"
-description = "Sendgrid API token"
-regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sendgrid",
-]
-[[rules]]
-id = "Sendinblue API token"
-description = "Sendinblue API token"
-regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
-keywords = [
-    "xkeysib-",
-]
-[[rules]]
-id = "Sendinblue SMTP token"
-description = "Sendinblue SMTP token"
-regex = '''xsmtpsib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
-keywords = [
-    "xsmtpsib-",
-]
-[[rules]]
-id = "Shippo API token"
-description = "Shippo API token"
-regex = '''shippo_(live|test)_[a-f0-9]{40}'''
-keywords = [
-    "shippo_",
-]
-[[rules]]
-id = "Linkedin Client secret"
-description = "Linkedin Client secret"
-regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
-secretGroup = 3
-keywords = [
-    "linkedin",
-]
-[[rules]]
-id = "Linkedin Client ID"
-description = "Linkedin Client ID"
-regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
-secretGroup = 3
-keywords = [
-    "linkedin",
-]
-[[rules]]
-id = "Twitch API token"
-description = "Twitch API token"
-regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
-secretGroup = 3
-keywords = [
-    "twitch",
-]
-[[rules]]
-id = "Typeform API token"
-description = "Typeform API token"
-regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
-secretGroup = 3
-keywords = [
-    "typeform",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 1"
-description = "Yandex.Cloud IAM Cookie v1"
-regex = '''\bc1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 2"
-description = "Yandex.Cloud IAM Token v1"
-regex = '''\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 3"
-description = "Yandex.Cloud IAM API key v1"
-regex = '''\bAQVN[A-Za-z0-9_\-]{35,38}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud AWS API compatible Access Secret"
-description = "Yandex.Cloud AWS API compatible Access Secret"
-regex = '''\bYC[a-zA-Z0-9_\-]{38}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Meta access token"
-description = "Meta access token"
-regex = '''\bEA[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "EA",
-]
-[[rules]]
-id = "Oculus access token"
-description = "Oculus access token"
-regex = '''\bOC[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "OC",
-]
-[[rules]]
-id = "Instagram access token"
-description = "Instagram access token"
-regex = '''\bIG[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "IG",
-]
-[[rules]]
-id = "CircleCI access tokens"
-description = "CircleCI access tokens"
-regex = '''\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}'''
-keywords = [
-    "CircleCI"
-]
-[[rules]]
-description = "Open AI API key"
-id = "open ai token"
-regex = '''\bsk-[a-zA-Z0-9]{48}\b'''
-keywords = [
-    "sk-",
-]
-[[rules]]
-id = "Tailscale key"
-description = "Tailscale keys"
-regex = '''\btskey-\w+-\w+-\w+\b'''
-keywords = [
-    "tskey-",
-]