RubyGems - gitlab-secret_detection - Versions diffs - 0.9.0 → 0.10.0 - Mend

gitlab-secret_detection 0.9.0 → 0.10.0

Files changed (5) hide show

checksums.yaml +4 -4
data/README.md +14 -2
data/lib/gitlab/secret_detection/core/ruleset.rb +1 -1
metadata +2 -3
data/lib/gitlab/secret_detection/core/gitleaks.toml +0 -1084

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 11072219ab42b67d6058ec56843fa3b5082b69a65f7e18fdde5c845d10693c95
-  data.tar.gz: de0687b9f7a614ab6adeb26c155b3769f54a45470ed74bb807188c68e9580d33
+  metadata.gz: d8c9973848eb3af18a6877e6d1e9934e69511fb9c41864f4b822791369e97ec0
+  data.tar.gz: f3b2679ae7b92b6b926ee2bdbe552bbae3c5ad07670d36d018a812b354fd3a55
 SHA512:
-  metadata.gz: b8a514a818697d448ce86821cc065685e70b0b8fad00b4729f689b888d3e76219160a1560ff058ae402e4aec56edb0b16f1b49faf6ecb0143b6a7bbeab736308
-  data.tar.gz: fa0c4f0e2118588084e570000b138bb030e6626f16da2e0cba53515afb0543aaee99e476588dacb91c81b93d37d0a4d04afe0a85f4962299361588dd7c074190
+  metadata.gz: f5d371430a4c8c6051dadcee41071ac03d5fcd7e39cd726fa6d9ed0f59008813ad3b27efb2ebc185218eeeb15ae747b48a8d053065e64217a55f052505b45174
+  data.tar.gz: 807521d0c06bc757eb51dc4536bc335a34fb0606c64b77ad94145dcbb829105a70efef8c606771c0340330f9bb4bb4af00193795165bc38068b6d174614b06d3

data/README.md CHANGED Viewed

@@ -42,7 +42,7 @@ the approach:
 │           ├── core/..                  # Secret detection logic (most of it pulled from existing gem)
 │           └── grpc
 │               ├── generated/..         # gRPC generated files and secret detection gRPC service
-│               ├── client/..            # gRPC client to invoke secret detection service's RPC endpoints
+│               ├── client/..            # gRPC client to invoke secret detection service's RPC endpoints
 │               └── scanner_service.rb   # Secret detection gRPC service implementation
 ├── examples
 │   └── sample-client/..                 # Sample Ruby RPC client that connects with gRPC server and calls RPC scan
@@ -54,7 +54,8 @@ the approach:
 ├── spec/..                              # Rspec tests and related test helpers
 ├── gitlab-secret_detection.gemspec      # Gemspec file for Ruby Gem
 ├── Dockerfile                           # Dockerfile for running gRPC server
-└── Makefile                             # All the CLI commands placed here
+├── Makefile                             # All the CLI commands placed here
+└── RULES_VERSION                        # Current version of secret-detection-rules
 ```
 ### Makefile commands
@@ -63,6 +64,7 @@ Usage `make <command>`
 | Command             | Description                                                                                                                     |
 |---------------------|---------------------------------------------------------------------------------------------------------------------------------|
+| `install_secret_detection_rules` | Downloads secret-detection-rules based on package version defined in RULES_VERSION                                 |
 | `install`           | Installs ruby gems in the project using Ruby bundler                                                                            |
 | `lint_fix`          | Fixes all the fixable Rubocop lint offenses                                                                                     |
 | `gem_clean`         | Cleans existing gem file(if any) generated through gem build process                                                            |
@@ -75,6 +77,16 @@ Usage `make <command>`
 | `run_grpc_tests`    | Runs RSpec tests for Secret Detection gRPC endpoints                                                                            |
 | `run_all_tests`     | Runs all the RSpec tests in the project                                                                                         |
+## Secret Detection Rules
+The make target `install_secret_detection_rules` fetches the version of the
+[secret detection rules package](https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/packages)
+specified in the `RULES_VERSION` file and extracts the secret_push_protection_rules.toml rule file.
+The command is called when running tests as well as when building the Dockerfile.
+The secret_push_protection_rules.toml file is added to .gitignore to
+avoid checking in changes.
 ## Generating a ruby gem
 In the project directory, run `make gem` command in the terminal that builds a ruby gem(ex: `secret_detection-0.1.0.gem`) in the root of

data/lib/gitlab/secret_detection/core/ruleset.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Gitlab
     module Core
       class Ruleset
         # file path where the secrets ruleset file is located
-        RULESET_FILE_PATH = File.expand_path('gitleaks.toml', __dir__)
+        RULESET_FILE_PATH = File.expand_path('secret_push_protection_rules.toml', __dir__)
         def initialize(path: RULESET_FILE_PATH, logger: Logger.new($stdout))
           @path = path

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-30 00:00:00.000000000 Z
+date: 2024-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -100,7 +100,6 @@ files:
 - lib/gitlab/secret_detection.rb
 - lib/gitlab/secret_detection/core.rb
 - lib/gitlab/secret_detection/core/finding.rb
-- lib/gitlab/secret_detection/core/gitleaks.toml
 - lib/gitlab/secret_detection/core/response.rb
 - lib/gitlab/secret_detection/core/ruleset.rb
 - lib/gitlab/secret_detection/core/scanner.rb

data/lib/gitlab/secret_detection/core/gitleaks.toml DELETED Viewed

@@ -1,1084 +0,0 @@
-# This file contains a subset of rules pulled from the original source file.
-# Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
-# Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
-title = "gitleaks config"
-[[rules]]
-id = "gitlab_personal_access_token"
-description = "GitLab Personal Access Token"
-regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "glpat",
-]
-[[rules]]
-id = "gitlab_pipeline_trigger_token"
-description = "GitLab Pipeline Trigger Token"
-regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glptt",
-]
-[[rules]]
-id = "gitlab_runner_registration_token"
-description = "GitLab Runner Registration Token"
-regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "GR1348941",
-]
-[[rules]]
-id = "gitlab_runner_auth_token"
-description = "GitLab Runner Authentication Token"
-regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glrt",
-]
-[[rules]]
-id = "gitlab_feed_token"
-description = "GitLab Feed Token"
-regex = '''\bfeed_token=[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "feed_token",
-]
-[[rules]]
-id = "gitlab_oauth_app_secret"
-description = "GitLab OAuth Application Secrets"
-regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "gloas",
-]
-[[rules]]
-id = "gitlab_feed_token_v2"
-description = "GitLab Feed token"
-regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glft",
-]
-[[rules]]
-id = "gitlab_kubernetes_agent_token"
-description = "GitLab Agent for Kubernetes token"
-regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glagent",
-]
-[[rules]]
-id = "gitlab_incoming_email_token"
-description = "GitLab Incoming email token"
-regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
-tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glimt",
-]
-[[rules]]
-id = "gitlab_deploy_token"
-description = "GitLab Deploy Token"
-regex = '''\bgldt-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "gldt",
-]
-[[rules]]
-id = "gitlab_scim_oauth_token"
-description = "GitLab SCIM token"
-regex = '''\bglsoat-[0-9a-zA-Z_\-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "glsoat",
-]
-[[rules]]
-id = "gitlab_ci_build_token"
-description = "GitLab CI Build (Job) token"
-regex = '''\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b'''
-tags = ["gitlab"]
-keywords = [
-    "glcbt",
-]
-[[rules]]
-id = "AWS"
-description = "AWS Access Token"
-regex = '''\bAKIA[0-9A-Z]{16}\b'''
-tags = ["aws", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "AKIA",
-]
-# Cryptographic keys
-[[rules]]
-id = "PKCS8 private key"
-description = "PKCS8 private key"
-regex = '''-----BEGIN PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN PRIVATE KEY-----",
-]
-[[rules]]
-id = "RSA private key"
-description = "RSA private key"
-regex = '''-----BEGIN RSA PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN RSA PRIVATE KEY-----",
-]
-[[rules]]
-id = "SSH private key"
-description = "SSH private key"
-regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN OPENSSH PRIVATE KEY-----",
-]
-[[rules]]
-id = "PGP private key"
-description = "PGP private key"
-regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
-keywords = [
-    "-----BEGIN PGP PRIVATE KEY BLOCK-----",
-]
-[[rules]]
-description = "systemd machine-id"
-id = "systemd-machine-id"
-path = '''^machine-id$'''
-regex = '''^[0-9a-f]{32}\n$'''
-entropy = 3.5
-[[rules]]
-id = "Github Personal Access Token"
-description = "Github Personal Access Token"
-regex = '''ghp_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghp_",
-]
-[[rules]]
-id = "Github OAuth Access Token"
-description = "Github OAuth Access Token"
-regex = '''gho_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "gho_",
-]
-[[rules]]
-id = "SSH (DSA) private key"
-description = "SSH (DSA) private key"
-regex = '''-----BEGIN DSA PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN DSA PRIVATE KEY-----",
-]
-[[rules]]
-id = "SSH (EC) private key"
-description = "SSH (EC) private key"
-regex = '''-----BEGIN EC PRIVATE KEY-----'''
-keywords = [
-    "-----BEGIN EC PRIVATE KEY-----",
-]
-[[rules]]
-id = "Github App Token"
-description = "Github App Token"
-regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghu_",
-    "ghs_"
-]
-[[rules]]
-id = "Github Refresh Token"
-description = "Github Refresh Token"
-regex = '''ghr_[0-9a-zA-Z]{76}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "ghr_"
-]
-[[rules]]
-id = "Shopify shared secret"
-description = "Shopify shared secret"
-regex = '''shpss_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpss_"
-]
-[[rules]]
-id = "Shopify access token"
-description = "Shopify access token"
-regex = '''shpat_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpat_"
-]
-[[rules]]
-id = "Shopify custom app access token"
-description = "Shopify custom app access token"
-regex = '''shpca_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shpca_"
-]
-[[rules]]
-id = "Shopify private app access token"
-description = "Shopify private app access token"
-regex = '''shppa_[a-fA-F0-9]{32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "shppa_"
-]
-[[rules]]
-id = "Slack token"
-description = "Slack token"
-regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "xoxb",
-    "xoxa",
-    "xoxp",
-    "xoxr",
-    "xoxs",
-]
-[[rules]]
-id = "Stripe"
-description = "Stripe"
-regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sk_test",
-    "pk_test",
-    "sk_live",
-    "pk_live",
-]
-[[rules]]
-id = "PyPI upload token"
-description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
-tags = ["pypi", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "pypi-AgEIcHlwaS5vcmc",
-]
-[[rules]]
-id = "Google (GCP) Service-account"
-description = "Google (GCP) Service-account"
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
-keywords = [
-    "service_account",
-]
-[[rules]]
-id = "GCP API key"
-description = "GCP API keys can be misused to gain API quota from billed projects"
-regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-keywords = [
-    "AIza",
-]
-[[rules]]
-id = "GCP OAuth client secret"
-description = "GCP OAuth client secrets can be misused to spoof your application"
-tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
-keywords = [
-    "GOCSPX-",
-]
-[[rules]]
-# demo of this regex not matching passwords in urls that contain env vars:
-# https://regex101.com/r/rT9Lv9/6
-id = "Password in URL"
-description = "Password in URL"
-regex = '''[a-zA-Z]{3,10}:\/\/[^$][^:@\/\n]{3,20}:[^$][^:@\n\/]{3,40}@.{1,100}'''
-[[rules]]
-id = "Heroku API Key"
-description = "Heroku API Key"
-regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
-secretGroup = 1
-keywords = [
-    "heroku",
-]
-[[rules]]
-id = "Slack Webhook"
-description = "Slack Webhook"
-regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
-keywords = [
-    "https://hooks.slack.com/services",
-]
-[[rules]]
-id = "Twilio API Key"
-description = "Twilio API Key"
-regex = '''SK[0-9a-fA-F]{32}'''
-keywords = [
-    "SK",
-    "twilio"
-]
-[[rules]]
-id = "Age secret key"
-description = "Age secret key"
-regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
-keywords = [
-    "AGE-SECRET-KEY-1",
-]
-[[rules]]
-id = "Facebook token"
-description = "Facebook token"
-regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "facebook",
-]
-[[rules]]
-id = "Twitter token"
-description = "Twitter token"
-regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
-secretGroup = 3
-keywords = [
-    "twitter",
-]
-[[rules]]
-id = "Adobe Client ID (Oauth Web)"
-description = "Adobe Client ID (Oauth Web)"
-regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "adobe",
-]
-[[rules]]
-id = "Adobe Client Secret"
-description = "Adobe Client Secret"
-regex = '''(p8e-)(?i)[a-z0-9]{32}'''
-keywords = [
-    "adobe",
-    "p8e-,"
-]
-[[rules]]
-id = "Alibaba AccessKey ID"
-description = "Alibaba AccessKey ID"
-regex = '''(LTAI)(?i)[a-z0-9]{20}'''
-keywords = [
-    "LTAI",
-]
-[[rules]]
-id = "Alibaba Secret Key"
-description = "Alibaba Secret Key"
-regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
-secretGroup = 3
-keywords = [
-    "alibaba",
-]
-[[rules]]
-id = "Asana Client ID"
-description = "Asana Client ID"
-regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
-secretGroup = 3
-keywords = [
-    "asana",
-]
-[[rules]]
-id = "Asana Client Secret"
-description = "Asana Client Secret"
-regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "asana",
-]
-[[rules]]
-id = "Atlassian API token"
-description = "Atlassian API token"
-regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
-secretGroup = 3
-keywords = [
-    "atlassian",
-]
-[[rules]]
-id = "Bitbucket client ID"
-description = "Bitbucket client ID"
-regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "bitbucket",
-]
-[[rules]]
-id = "Bitbucket client secret"
-description = "Bitbucket client secret"
-regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
-secretGroup = 3
-keywords = [
-    "bitbucket",
-]
-[[rules]]
-id = "Beamer API token"
-description = "Beamer API token"
-regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
-secretGroup = 3
-keywords = [
-    "beamer",
-]
-[[rules]]
-id = "Clojars API token"
-description = "Clojars API token"
-regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
-keywords = [
-    "CLOJARS_",
-]
-[[rules]]
-id = "Contentful delivery API token"
-description = "Contentful delivery API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-keywords = [
-    "contentful",
-]
-[[rules]]
-id = "Contentful preview API token"
-description = "Contentful preview API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-keywords = [
-    "contentful",
-]
-[[rules]]
-id = "Databricks API token"
-description = "Databricks API token"
-regex = '''dapi[a-h0-9]{32}'''
-keywords = [
-    "dapi",
-    "databricks"
-]
-[[rules]]
-description = "DigitalOcean OAuth Access Token"
-id = "digitalocean-access-token"
-regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "doo_v1_",
-]
-[[rules]]
-description = "DigitalOcean Personal Access Token"
-id = "digitalocean-pat"
-regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "dop_v1_",
-]
-[[rules]]
-description = "DigitalOcean OAuth Refresh Token"
-id = "digitalocean-refresh-token"
-regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
-keywords = [
-    "dor_v1_",
-]
-[[rules]]
-id = "Discord API key"
-description = "Discord API key"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Discord client ID"
-description = "Discord client ID"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Discord client secret"
-description = "Discord client secret"
-regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "discord",
-]
-[[rules]]
-id = "Doppler API token"
-description = "Doppler API token"
-regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
-keywords = [
-    "doppler",
-]
-[[rules]]
-id = "Dropbox API secret/key"
-description = "Dropbox API secret/key"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Dropbox short lived API token"
-description = "Dropbox short lived API token"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Dropbox long lived API token"
-description = "Dropbox long lived API token"
-regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
-keywords = [
-    "dropbox",
-]
-[[rules]]
-id = "Duffel API token"
-description = "Duffel API token"
-regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
-keywords = [
-    "duffel",
-]
-[[rules]]
-id = "Dynatrace API token"
-description = "Dynatrace API token"
-regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
-keywords = [
-    "dt0c01",
-]
-[[rules]]
-id = "EasyPost API token"
-description = "EasyPost API token"
-regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
-keywords = [
-    "EZAK",
-]
-[[rules]]
-id = "EasyPost test API token"
-description = "EasyPost test API token"
-regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
-keywords = [
-    "EZTK",
-]
-[[rules]]
-id = "Fastly API token"
-description = "Fastly API token"
-regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "fastly",
-]
-[[rules]]
-id = "Finicity client secret"
-description = "Finicity client secret"
-regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
-secretGroup = 3
-keywords = [
-    "finicity",
-]
-[[rules]]
-id = "Finicity API token"
-description = "Finicity API token"
-regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "finicity",
-]
-[[rules]]
-id = "Flutterwave public key"
-description = "Flutterwave public key"
-regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
-keywords = [
-    "FLWPUBK_TEST",
-]
-[[rules]]
-id = "Flutterwave secret key"
-description = "Flutterwave secret key"
-regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
-keywords = [
-    "FLWSECK_TEST",
-]
-[[rules]]
-id = "Flutterwave encrypted key"
-description = "Flutterwave encrypted key"
-regex = '''FLWSECK_TEST[a-h0-9]{12}'''
-keywords = [
-    "FLWSECK_TEST",
-]
-[[rules]]
-id = "Frame.io API token"
-description = "Frame.io API token"
-regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
-keywords = [
-    "fio-u-",
-]
-[[rules]]
-id = "GoCardless API token"
-description = "GoCardless API token"
-regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
-keywords = [
-    "gocardless",
-]
-[[rules]]
-id = "Grafana API token"
-description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "grafana",
-]
-[[rules]]
-id = "Hashicorp Terraform user/org API token"
-description = "Hashicorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "atlasv1",
-    "hashicorp",
-    "terraform"
-]
-[[rules]]
-id = "Hashicorp Vault batch token"
-description = "Hashicorp Vault batch token"
-regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "hashicorp",
-    "AAAAAQ",
-    "vault"
-]
-[[rules]]
-id = "Hubspot API token"
-description = "Hubspot API token"
-regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "hubspot",
-]
-[[rules]]
-id = "Intercom API token"
-description = "Intercom API token"
-regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
-secretGroup = 3
-keywords = [
-    "intercom",
-]
-[[rules]]
-id = "Intercom client secret/ID"
-description = "Intercom client secret/ID"
-regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "intercom",
-]
-[[rules]]
-id = "Ionic API token"
-description = "Ionic API token"
-regex = '''\bion_(?i)[a-z0-9]{42}\b'''
-keywords = [
-    "ion_",
-]
-[[rules]]
-id = "Linear API token"
-description = "Linear API token"
-regex = '''lin_api_(?i)[a-z0-9]{40}'''
-keywords = [
-    "lin_api_",
-]
-[[rules]]
-id = "Linear client secret/ID"
-description = "Linear client secret/ID"
-regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "linear",
-]
-[[rules]]
-id = "Lob API Key"
-description = "Lob API Key"
-regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
-secretGroup = 3
-keywords = [
-    "lob",
-]
-[[rules]]
-id = "Lob Publishable API Key"
-description = "Lob Publishable API Key"
-regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
-secretGroup = 3
-keywords = [
-    "lob",
-]
-[[rules]]
-id = "Mailchimp API key"
-description = "Mailchimp API key"
-regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailchimp",
-]
-[[rules]]
-id = "Mailgun private API token"
-description = "Mailgun private API token"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mailgun public validation key"
-description = "Mailgun public validation key"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
-secretGroup = 3
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mailgun webhook signing key"
-description = "Mailgun webhook signing key"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "mailgun",
-]
-[[rules]]
-id = "Mapbox API token"
-description = "Mapbox API token"
-regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
-keywords = [
-    "mapbox",
-]
-[[rules]]
-id = "messagebird-api-token"
-description = "MessageBird API token"
-regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
-secretGroup = 3
-keywords = [
-    "messagebird",
-]
-[[rules]]
-id = "MessageBird API client ID"
-description = "MessageBird API client ID"
-regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
-secretGroup = 3
-keywords = [
-    "messagebird",
-]
-[[rules]]
-id = "New Relic user API Key"
-description = "New Relic user API Key"
-regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "NRAK",
-]
-[[rules]]
-id = "New Relic user API ID"
-description = "New Relic user API ID"
-regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
-secretGroup = 3
-tags = ["gitlab_blocking"]
-keywords = [
-    "newrelic",
-]
-[[rules]]
-id = "New Relic ingest browser API token"
-description = "New Relic ingest browser API token"
-regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
-keywords = [
-    "NRJS",
-]
-[[rules]]
-id = "npm access token"
-description = "npm access token"
-regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "npm_",
-]
-[[rules]]
-id = "Planetscale password"
-description = "Planetscale password"
-regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
-keywords = [
-    "pscale_pw_",
-]
-[[rules]]
-id = "Planetscale API token"
-description = "Planetscale API token"
-regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
-keywords = [
-    "pscale_tkn_",
-]
-[[rules]]
-id = "Postman API token"
-description = "Postman API token"
-regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
-keywords = [
-    "PMAK-",
-]
-[[rules]]
-id = "Pulumi API token"
-description = "Pulumi API token"
-regex = '''pul-[a-f0-9]{40}'''
-keywords = [
-    "pul-",
-]
-[[rules]]
-id = "Rubygem API token"
-description = "Rubygem API token"
-regex = '''rubygems_[a-f0-9]{48}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "rubygems_",
-]
-[[rules]]
-id = "Segment Public API token"
-description = "Segment Public API token"
-regex = '''sgp_[a-zA-Z0-9]{64}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sgp_",
-]
-[[rules]]
-id = "Sendgrid API token"
-description = "Sendgrid API token"
-regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
-tags = ["gitlab_blocking"]
-keywords = [
-    "sendgrid",
-]
-[[rules]]
-id = "Sendinblue API token"
-description = "Sendinblue API token"
-regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
-keywords = [
-    "xkeysib-",
-]
-[[rules]]
-id = "Sendinblue SMTP token"
-description = "Sendinblue SMTP token"
-regex = '''xsmtpsib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
-keywords = [
-    "xsmtpsib-",
-]
-[[rules]]
-id = "Shippo API token"
-description = "Shippo API token"
-regex = '''shippo_(live|test)_[a-f0-9]{40}'''
-keywords = [
-    "shippo_",
-]
-[[rules]]
-id = "Linkedin Client secret"
-description = "Linkedin Client secret"
-regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
-secretGroup = 3
-keywords = [
-    "linkedin",
-]
-[[rules]]
-id = "Linkedin Client ID"
-description = "Linkedin Client ID"
-regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
-secretGroup = 3
-keywords = [
-    "linkedin",
-]
-[[rules]]
-id = "Twitch API token"
-description = "Twitch API token"
-regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
-secretGroup = 3
-keywords = [
-    "twitch",
-]
-[[rules]]
-id = "Typeform API token"
-description = "Typeform API token"
-regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
-secretGroup = 3
-keywords = [
-    "typeform",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 1"
-description = "Yandex.Cloud IAM Cookie v1"
-regex = '''\bc1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 2"
-description = "Yandex.Cloud IAM Token v1"
-regex = '''\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud IAM Cookie v1 - 3"
-description = "Yandex.Cloud IAM API key v1"
-regex = '''\bAQVN[A-Za-z0-9_\-]{35,38}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Yandex.Cloud AWS API compatible Access Secret"
-description = "Yandex.Cloud AWS API compatible Access Secret"
-regex = '''\bYC[a-zA-Z0-9_\-]{38}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "yandex",
-]
-[[rules]]
-id = "Meta access token"
-description = "Meta access token"
-regex = '''\bEA[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "EA",
-]
-[[rules]]
-id = "Oculus access token"
-description = "Oculus access token"
-regex = '''\bOC[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "OC",
-]
-[[rules]]
-id = "Instagram access token"
-description = "Instagram access token"
-regex = '''\bIG[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
-keywords = [
-    "IG",
-]
-[[rules]]
-id = "CircleCI access tokens"
-description = "CircleCI access tokens"
-regex = '''\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}'''
-keywords = [
-    "CircleCI"
-]
-[[rules]]
-description = "Open AI API key"
-id = "open ai token"
-regex = '''\bsk-[a-zA-Z0-9]{48}\b'''
-keywords = [
-    "sk-",
-]
-[[rules]]
-id = "Tailscale key"
-description = "Tailscale keys"
-regex = '''\btskey-\w+-\w+-\w+\b'''
-keywords = [
-    "tskey-",
-]